Documenting the measurement of controls

Guest user Created:   Feb 04, 2016 Last commented:   Feb 04, 2016


I need a sample information security metrics sheet... As we are aware, ISO 27001:2013 demands "documented" information on what controls the organization selects, how you measure them, and how they ultimately help to achieve the defined infosec objectives. I kindly request you to help me with a Procedure document for Information Security Metrics and Measurement and the associated template / XLS file for the same.

Expert
Dejan Kosutic Feb 04, 2016

Answer:

The easiest way to document the measurement is to define the information security objectives for each control (or group of controls) through the Statement of Applicability, and then regularly review if those objectives are achieved - this can be done through the Management meeting minutes, and no other documents are needed. For a smaller company, this approach is the best because it doesn't require too many documents.

These materials will also help you:
- article How to perform monitoring and measurement in ISO 27001 https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/
- article ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
- article Key performance indicators for an ISO 27001 ISMS https://advisera.com/27001academy/blog/2016/02/01/key-performance-indicators-for-an-iso-27001-isms/
- webinar ISO 27001 and ISO 27004: How to measure the effectiveness of information security? https://advisera.com/27001academy/webinar/iso-27001-iso-27004-measure-effectiveness-information-security-free-webinar/
