LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

Information Security Objective and how to measure it?

  Quote
Guest
Dimaz Maulana Created:   Feb 14, 2017 Last commented:   Feb 16, 2017

Information Security Objective and how to measure it?

Based on ISO 27001 clause 6.2 The organization shall establish information security objectives at relevant functions and levels. From point a to j. Do you have example to suggest about objective on implementating information security, because on toolkit its only 1 line example of objective. thank you
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 16, 2017
I suggest you to take a look at the article ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/

It has many examples that can help you cover points a to j from ISO 27001 clause 6.2. Here is one example presented according them:

Objective: We want to decrease the number of information security incidents by 50% in the next year.

a) Consistency with the information security policy: reduction of information security incidents is appropriate for the purpose of any organization, as demanded by information security policy requirements.
b) Measurable: It is possible to count the number of security incidents.
c) take into account information security requirements, and results from risk assessment and risk treatment: the reduction of 50% in the number of information security inbcidents can be related to the residual risk, one of the results of risk treatment plan.
d) Communication: From the text you can expect that at least at the end of the next year the results should be communicated for evaluation.
e) be updated as appropriate: this is more related to the inclusion of the objective evaluation at management review, so you should verify if the management procedure review included security objectives as one of its inputs

Other items from f to j are more related to performance measurement, something you can solve with a simple 5W2H model.

This article will provide you further explanation about security objectives:
- How to perform monitoring and measurement in ISO 27001 https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/

These materials will also help you regarding security objectives:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://training.advisera.com/course/iso-27001-foundations-course/
Quote
0 2

Comment as guest or Sign in

HTML tags are not allowed

Feb 14, 2017

Feb 16, 2017

Suggested Topics