Guest
How to set measurable security objectives?
I want to ask about ISO27001 standard 6.2. How can we set (measurable) security objectives? Could you please share with me some examples?
Antonio Jose Segovia
Feb 03, 2016
Answer:
The best way is to set security objectives which are easy to measure, and these objectives need to be Specific, Measurable, Achievable, Relevant and Time-based (these are known as S.M.A.R.T. objectives).
A basic example, related to the Business Continuity Plan: We want to reduce the time spent in the execution of the plan. If at present it is executed in 5 hours, we want to reduce it to 4 hours, which is very easy to measure.
For more information and examples, please read this article, “ISO 27001 control objectives – Why are they important?”: https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
Our online course “ISO 27001:2013 Foundations Course” may also be interesting for you: https://advisera.com/training/iso-27001-foundations-course/
Feb 16, 2021