Take the ISO 27001 course exam and get the
EU GDPR course exam for free
LIMITED-TIME OFFER – ENDS SEPTEMBER 29, 2022

Expert Advice Community

Guest

ISO 27001 measurement

  Quote
Guest
Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

ISO 27001 measurement

I was considering the measurement and effectiveness bit of the ISO 27001:2013 standard and i am having problems wrapping my head around it. Kindly advice on the best way to prepare a document for the external auditors on what needs to be measured and how to measure it or if possible a sample template i can work with.
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Guest
DejanK Jan 12, 2016

Basically you need to measure the achievement of the objectives of security, and the effectiveness of the security controls. To do this, you need metrics, and you can define each one with these fields: Name of the metrics, description, calculation formula, threshold value, objective value, measuring frequency, source, and responsible for the manage of the metric.

You'll find these materials helpful:

Article ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
Webinar ISO 27001 and ISO 27004: How to measure the effectiveness of information security? https://advisera.com/27001academy/webinar/iso-27001iso-22301-the-certification-process-free-webinar/01-iso-27004-measure-effectiveness-information-security-free-webinar/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics