Difference between guideline and measure
Assign topic to the user
Answer: I'm assuming that by "measure"you are referring to "security measure". Considering that, a "measure" is a control to treat the risk, while a "guideline" is an orientation about how to implement that control. For example, backup is a measure to treat the risk "loss of data due to hardware failure", while a guideline is the orientation that backup media should be regularly tested to ensure it is ready to use if required.
ISO 27001 provides security measures in the form of security controls listed in the Annex A, while implementation guidelines are provided in the ISO 27002 standard.
These articles will provide you further explanation about security measures and guidelines:
- 4 mitigation options in risk treatment according to ISO 27001 https://advisera.com/27001academy/blog/2016/05/16/4-mitigation-options-risk-treatment-according-iso-27001/
- ISO 27001 vs. ISO 27002 https://advisera.com /27001academy/knowledgebase/iso-27001-vs-iso-27002/
These materials will also help you regarding security measures and guidelines:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Comment as guest or Sign in
Nov 16, 2017