Expert Advice Community


Measuring control effectiveness

Guest user Created:   Apr 12, 2017 Last commented:   Apr 12, 2017


Let's say, for example, that my company does not have any IDS system. How could I measure, for example, the probability of breach, and after implementing, for example, 2-factor authentication, how would I measure the effectiveness?

Expert
Rhand Leal Apr 12, 2017

Answer: Without relying on an IDS system, the best option to measure the probability of breach, or improvements in security from implementing new controls like 2-factor authentication, would be to perform periodic penetration tests and/or vulnerability assessments. They can provide a snapshot of your situation and help you manage potential risk.

These articles will provide you with further explanation about penetration tests and vulnerability assessments:
- How to use penetration testing for ISO 27001 A.12.6.1 https://advisera.com/27001academy/blog/2016/01/18/how-to-use-penetration-testing-for-iso-27001-a-12-6-1/
- How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1 https://advisera.com/27001academy/blog/2015/10/12/how-to-manage-technical-vulnerabilities-according-to-iso-27001-control-a-12-6-1/

These materials will also help you regarding penetration tests and vulnerability assessments:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
