In the Information Security Management Maturity Model (ISM3) what Specific Practice: Operational Management is OSP-17?
- Environment Hardening
- Access Control
- User Registration
- Malware Protection Management
EXPLANATION
The Information Security Management Maturity Model (ISM3, or ISM-cubed) extends ISO9001 quality management principles to information security management (ISM) systems. Rather than focusing on controls, it focuses on the common processes of information security, which are shared to some extent by all organisations. (http://isms-guide.blogspot.com/2007/07/what-is-ism3.html)OSP-17 is the Specific Practice: Operational Management (Specific Practices are the breakdown of the ISM3 systems) So this refers to the 17th Operational Management system.
Operational Management 17 - This is a set of security measures to provide protection against technical threats such as viruses, spyware, trojans, backdoors, keyloggers, rootkits and other unauthorized services.
Incidents relating to the infection of internal assets with Malware can be prevented and mitigated by an appropriate Malware protection process.