How to set measurable security objectives?
Answer:
The best way is to set security objectives that are easy to measure; these objectives need to be Specific, Measurable, Achievable, Relevant and Time-based (known as S.M.A.R.T. objectives).
A basic example, related to the Business Continuity Plan: We want to reduce the time spent executing the plan. If at present it is executed in 5 hours, we want to reduce it to 4 hours, which is very easy to measure.
For more information and examples, please read the article “ISO 27001 control objectives – Why are they important?”: https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
Our online course “ISO 27001:2013 Foundations Course” may also be interesting for you: https://advisera.com/training/iso-27001-foundations-course/
Feb 16, 2021