Open Information Security Management Maturity Model O-ISM3

Van Haren

The O-ISM3 standard focuses on the common processes of information security. It is technology-neutral, very practical and considers the business aspect in depth. This means that practitioners can use O-ISM3 with a wide variety of protection techniques used in the marketplace. In addition it supports common frameworks such as ISO 9000, ISO 27000, COBIT and ITIL. Covers: risk management, security controls, security management and how to translate business drivers into security objectives and targets
Read more
Loading...

Additional Information

Publisher
Van Haren
Read more
Published on
May 5, 2011
Read more
Pages
154
Read more
ISBN
9789087539115
Read more
Language
English
Read more
Genres
Education / General
Education / Organizations & Institutions
Education / Standards (incl. Common Core)
Education / Teaching Methods & Materials / General
Education / Training & Certification
Read more
Content Protection
This content is DRM protected.
Read more

Reading information

Smartphones and Tablets

Install the Google Play Books app for Android and iPad/iPhone. It syncs automatically with your account and allows you to read online or offline wherever you are.

Laptops and Computers

You can read books purchased on Google Play using your computer's web browser.

eReaders and other devices

To read on e-ink devices like the Sony eReader or Barnes & Noble Nook, you'll need to download a file and transfer it to your device. Please follow the detailed Help center instructions to transfer the files to supported eReaders.
This Management Guide provides guidance on why a technology provider should use the Open Trusted Technology Provider Standard (O-TTPS) – Mitigating the Risk of Tainted and Counterfeit Products (approved by ISO/IEC as ISO/IEC 20243:2015) and why they should consider certification to publicly register their conformance to the standard. The O-TTPS is the first standard with a certification program that specifies measurable conformance criteria for both product integrity and supply chain security practices. The standard defines a set of best practices that ICT providers should follow throughout the full life cycle of their products from design through disposal, including their supply chains, in order to mitigate the risk of tainted and counterfeit components. The introduction of tainted products into the supply chain poses significant risk to organizations because altered products can introduce the possibility of untracked malicious behavior. A compromised electronic component or piece of malware enabled software that lies dormant and undetected within an organization could cause tremendous damage if activated remotely. Counterfeit products can also cause significant damage to customers and providers resulting in rogue functionality, failed or inferior products, or revenue and brand equity loss. As a result, customers now need assurances they are buying from trusted technology providers who follow best practices with their own in-house secure development and engineering practices and also in securing their out-sourced components and their supply chains. This guide offers an approach to providing those assurances to customers. It includes the requirements from the standard and an overview of the certification process, with pointers to the relevant supporting documents, offering a practical introduction to executives, managers, and those involved directly in implementing the best practices defined in the standard.As the certification program is open to all constituents involved in a product’s life cycle this guide should be of interest to: • ICT provider companies (e.g. OEMs, hardware and software component suppliers, value-add distributors, and resellers),• Business managers, procurement managers, product managers and other individuals who want to better understand product integrity and supply chain security risks and how to protect against those risks and,• Government and commercial customers concerned about reducing the risk of damage to their business enterprises and critical infrastructures, which all depend heavily on secure ICT for their day-to-day operations.
This Management Guide provides guidance on why a technology provider should use the Open Trusted Technology Provider Standard (O-TTPS) – Mitigating the Risk of Tainted and Counterfeit Products (approved by ISO/IEC as ISO/IEC 20243:2015) and why they should consider certification to publicly register their conformance to the standard. The O-TTPS is the first standard with a certification program that specifies measurable conformance criteria for both product integrity and supply chain security practices. The standard defines a set of best practices that ICT providers should follow throughout the full life cycle of their products from design through disposal, including their supply chains, in order to mitigate the risk of tainted and counterfeit components. The introduction of tainted products into the supply chain poses significant risk to organizations because altered products can introduce the possibility of untracked malicious behavior. A compromised electronic component or piece of malware enabled software that lies dormant and undetected within an organization could cause tremendous damage if activated remotely. Counterfeit products can also cause significant damage to customers and providers resulting in rogue functionality, failed or inferior products, or revenue and brand equity loss. As a result, customers now need assurances they are buying from trusted technology providers who follow best practices with their own in-house secure development and engineering practices and also in securing their out-sourced components and their supply chains. This guide offers an approach to providing those assurances to customers. It includes the requirements from the standard and an overview of the certification process, with pointers to the relevant supporting documents, offering a practical introduction to executives, managers, and those involved directly in implementing the best practices defined in the standard.As the certification program is open to all constituents involved in a product’s life cycle this guide should be of interest to: • ICT provider companies (e.g. OEMs, hardware and software component suppliers, value-add distributors, and resellers),• Business managers, procurement managers, product managers and other individuals who want to better understand product integrity and supply chain security risks and how to protect against those risks and,• Government and commercial customers concerned about reducing the risk of damage to their business enterprises and critical infrastructures, which all depend heavily on secure ICT for their day-to-day operations.
The Open Group IT4IT Reference Architecture, Version 2.0, an Open Group Standard, provides a vendor-neutral, technology-agnostic, and industry-agnostic reference architecture for managing the business of IT.The Open Group IT4IT Reference Architecture standard comprises a reference architecture and a value chain-based operating model.The IT Value Chain has four value streams supported by a reference architecture to drive efficiency and agility. The four value streams are: Strategy to Portfolio Request to Fulfill Requirement to Deploy Detect to CorrectEach IT Value Stream is centered on a key aspect of the service model, the essential data objects (information model), and functional components (functional model) that support it. Together, the four value streams play a vital role in helping IT control the service model as it advances through its lifecycle. The IT4IT Reference Architecture: Provides prescriptive guidance on the specification of and interaction with a consistent service model backbone (common data model/context) Supports real-world use-cases driven by the Digital Economy (e.g., Cloud-sourcing, Agile, DevOps, and service brokering) Embraces and complements existing process frameworks and methodologies (e.g., ITIL®, CoBIT®, SAFe, and TOGAF®) by taking a data-focused implementation model perspective, essentially specifying an information model across the entire value chainThe audience for this standard is: IT Professionals who are responsible for delivering services in a way that isflexible, traceable, and cost-effective IT Professionals / Practitioners who are focused on instrumenting the ITmanagement landscape IT Leaders who are concerned about their operating model Enterprise Architects who are responsible for IT business transformationTopics covered include: An introduction to the standard and the purpose of the IT4IT work Key terminology of the standard An introduction for executives and others introducing the IT Value Chain and IT4IT Reference Architecture concepts IT4IT Core, which defines the structure of the IT4IT standard as well as the process and document structure used by the IT4IT standard The Strategy to Portfolio (S2P) Value Stream The Requirement to Deploy (R2D) Value Stream The Request to Fulfill (R2F) Value Stream The Detect to Correct (D2C) Value Stream Background information on the standard.
©2018 GoogleSite Terms of ServicePrivacyDevelopersArtistsAbout Google|Location: United StatesLanguage: English (United States)
By purchasing this item, you are transacting with Google Payments and agreeing to the Google Payments Terms of Service and Privacy Notice.