KPI and metrics
Answer:
Generally, all KPIs / metrics can be measured and reported directly on ISO 27001 or ISO 22301, although ISO 27001:2013 does not require you to use KPIs.
Some examples of metrics that are established to measure the effectiveness of the security controls implemented are related to backups, incidents, asset inventory, policy review, etc.
These articles may be interesting for you:
“How to perform monitoring and measurement in ISO 27001”: https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/
“ISO 27001 control objectives - Why are they important?”: https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/
By the way, our online course may be interesting for you because we give more information about metrics: “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
May 18, 2016