I have set this as an information security objective, kindly critique it for improvement.
To enhance CIA of information by reviewing information security risks and controls on quarterly basis.
Assign topic to the user
Please note that the CIA is the means by which you work on to improve information security, so you should not define them as Information Security Objectives. Additionally, this objective is not measurable.
Examples you can consider are:
- decrease the impact and/or number of information security incidents
- increase revenue
- win a new customer
- increase market share
This article will provide you a further explanation about security objectives:
- ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
Comment as guest or Sign in
Oct 21, 2020