Expert Advice Community

Defining KRI's for Risks

Guest
Bills Created: Dec 31, 2019 Last commented: Jan 05, 2020

Hi 

I have a risk register that I am maintaining for ISMS. I have different types of risks which are defined in the risk register. Now I need to define a KRI for each risk. How can I do it, as it will be a lengthy process and I have never done it before? For this practice, I need to analyze each risk in the risk register for a measurable metric, which is a difficult task. Please advise how I can do it in a simple way.

Thanks

 

Expert
Rhand Leal Jan 02, 2020

First, it is important to note that ISO 27001 does not require the definition of Key Risk Indicators (KRIs). For performance evaluation, you should consider metrics related to processes and/or assets to which the most relevant risks are related.

For a selection of indicators you should consider these criteria:
- Business relevant: the indicator should be aligned to clear business objectives or legal requirements, for example, the Return On Security Investment (ROSI).
- Process integrated: activities to collect the necessary data for a KPI should add the least amount of work possible.
- Assertive: the indicator should be capable of pinpointing relevant issues, for example, a KPI related to the number of failed login attempts explicitly limits the scope to the login process.

These articles will provide you with further explanation of key performance indicators for ISO 27001:
- Key performance indicators for an ISO 27001 ISMS https://advisera.com/27001academy/blog/2016/02/01/key-performance-indicators-for-an-iso-27001-isms/
- How to perform monitoring and measurement in ISO 27001 https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/

Guest
Bills Jan 05, 2020

Dear Rhand

Thanks for the reply and advice
