Search in ISMS Guides


Wednesday, July 25, 2007

Why does ISM3 have maturity levels? Won't it make everything be more complicated and confusing ?

Security and invulnerability shouldn’t be mistaken. One-size-fits all approaches don’t always suit organizations with different missions, contexts and resources. Different levels of maturity let them choose a baseline for their initial ISM, and the rest of the levels serve as milestones to higher (and more resource-consuming) ISM3 Levels as the organization evolves. Organization that can only afford investing 20% (achieving 80% of results), can show that they are doing everything reasonable, the first step to doing everything possible.


No comments: