Guest user Created: Feb 03, 2016 Last commented: Feb 16, 2021

How to set measurable security objectives?

I want to ask about ISO27001 standard 6.2. How can we set (measurable) security objectives? Could you please share with me some examples?

0 0

Assign topic to the user

Select user

Guest

Antonio Jose Segovia Feb 03, 2016

Answer:
The best way is setting security objectives which are easy to measure, and these objectives need to be Specific, Measurable, Achievable, Relevant and Time-based (it is known as S.M.A.R.T. objectives).

A basic example, related to the Business Continuity Plan: We want to reduce the time spent in the execution of the plan. If at the present it is executed in 5 hours, we want to reduce it to 4 hours, which is very easy to measure.

For more information and examples, please read this article “ISO 27001 control objectives – Why are they important?” : https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/

And maybe can be also interesting for you our online course “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/

Quote

0 0

Guest

Jerry Feb 16, 2021

Yes

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Feb 03, 2016

Feb 16, 2021

Expert Advice Community