Information Security Risk Metrics
Answer: There is no specific answer for this question, because each organization has a unique context (e.g., competitors, customers, legal requirements, risk appetite, etc.) that will define its security objectives, and after them, which risks should be monitored through indicators. For example, for an Internet-based business, a security objective may be system uptime, and a risk indicator could be the number of discovered zero-day vulnerabilities that can result in infrastructure downtime.
These articles will provide you further explanation about control objectives and key indicators:
- ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
- Key performance indicators for an ISO 27001 ISMS https://advisera.com/27001academy/blog/2016/02/01/key-performance-indicators-for-an-iso-27001-isms/
These materials will also help you regarding control objectives and key indicators:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Sep 05, 2017