FCS security governance critical success factor
What measures would indicate a risk of failure in ISMS governance? For example:
the number of communications from the board of directors relating to information security, or the percentage of board meetings that did not address security issues.
What else could I use as an indicator? Thank you.
Considering ISO 27014, the ISO standard for governance of information security, the governance of information security is a system for controlling and directing information security activities.
Given that, examples of measurements that identify a failure to control and direct information security activities are:
- low number of business strategies supported by information security initiatives
- low number of controls achieving proposed objectives
- high number of information security incidents
- proposed objectives for the ISMS not achieved
The measurements you proposed are mainly focused on management activities, and these cannot ensure that the expected results for information security are achieved (e.g., every meeting can address security issues, yet none of them is effectively resolved over time).
Nov 05, 2020