The Open Group Library

Information Security Management (O-ISM3, TOGAF®, and SABSA®)

Information Security Management (O-ISM3, TOGAF®, and SABSA®)

Reference: W133


Availability: Available to download

Combining The Open Group Standards, O-ISM3 and TOGAF®, with the SABSA® Framework.


The Open Group Information Security Management Maturity Model (O-ISM3) defines a range of security control processes for selective deployment in an enterprise’s Information Security Management System (ISMS) to meet specific ISMS business targets. Each process provides metrics feedback on how effectively it plays its part in meeting the ISMS targets.

This White Paper explains to Enterprise and Security Architects using the TOGAF standard and SABSA framework how the O-ISM3 standard is a valuable resource for aligning security management to the business goals of their ISMS, and also to Operational Security Managers on understanding how the linkage between upstream architecture/design work and downstream operations can be used to influence architects and designers to provide the most optimal security management capabilities and solutions.

It assumes the reader has a good understanding of the TOGAF standard and SABSA framework and the O-ISM3 standard.

Additional Information

Additional Information

Reference W133
Author(s) The Security Forum, a Forum of The Open Group
Published 23 Jul 2013
Type White Papers
Subject Security