Monitoring and reporting for security metric?
Answer:
From my point of view, monitoring for a security metric simply means that you are watching something related to the metric (devices, applications, values, etc.) with the purpose of being aware of its state. Furthermore, you need to do measurement, which means that you need to assign values to something based on predefined dimensions and units. For example, if you have a security metric for the backups, you can monitor the software that performs the backups, and measure the information related to the backups (% of failed backups, % of successful backups, etc.).
Reporting simply means that you inform other parties about the results of the security metric, for example, the top management of the organization, or even external parties.
For more information about monitoring and measurement, please read this article: “How to perform monitoring and measurement in ISO 27001”: https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/
Finally, our online course may also be interesting for you, because we give more information about monitoring and measurement: “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
Apr 21, 2016