ISMS: Controls and measures
Assign topic to the user
Controls are procedures, equipments or technologies used to handle a risk, while measurements are the action to assign values to a characteristic of an object or event, which can be compared with other objects or events. Broadly speaking, control is what you do to handle a risk, and measurement is what you to to obtain a value representing the result you get by the application of a control.
But you have to take care with the word "measure / measures", because they either can mean the value you attribute to something (the result of a measurement) or control (the meaning will depend of the context where the word is considered).
As for the question, if all servers have these hardening guide applied – is this the control or is it just an audit - it is important to understand that an audit is some kind of control (a management control), used to ensure the controls used to handle the risks are being properly performed.
This article will provide you further explanati on about measurements:
- How to perform monitoring and measurement in ISO 27001 https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/
Comment as guest or Sign in
Mar 04, 2018