NIST framework
I am working on a project to provide an easy-to-use yet comprehensive approach for supporting boards to monitor their cyber risk responsibilities. We are thinking of using the NIST framework as a base because of its simplicity and fitting a set of best practices around it. You do such a great job of simplifying the complexity of ISO. Is there a slimmed-down set of practices based on ISO standards we might consider? Thanks!!!
I'd suggest you take a look at ISO 27004 (https://www.iso.org/standard/64120.html), a supporting standard that provides guidelines to help organizations evaluate the performance and the effectiveness of an ISMS.
These articles will provide you with further explanation of performance evaluation:
- Key performance indicators for an ISO 27001 ISMS https://advisera.com/27001academy/blog/2016/02/01/key-performance-indicators-for-an-iso-27001-isms/
- ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
May 19, 2020