How to set measurable security objectives?

Guest user | Created: Feb 03, 2016 | Last commented: Feb 16, 2021

I want to ask about ISO 27001 standard 6.2. How can we set (measurable) security objectives? Could you please share some examples with me?

Antonio Jose Segovia Feb 03, 2016

Answer:
The best way is to set security objectives that are easy to measure; these objectives need to be Specific, Measurable, Achievable, Relevant and Time-based (known as S.M.A.R.T. objectives).

A basic example, related to the Business Continuity Plan: we want to reduce the time spent executing the plan. If at present it is executed in 5 hours, we want to reduce it to 4 hours, which is very easy to measure.

For more information and examples, please read the article “ISO 27001 control objectives – Why are they important?”: https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/

Our online course “ISO 27001:2013 Foundations Course” may also be interesting for you: https://advisera.com/training/iso-27001-foundations-course/

Jerry Feb 16, 2021

Yes
