IMPLEMENTATION OF MANAGEMENT STANDARDS


How to measure the effectiveness of Information Security?

You simply can’t be too careful when it comes to information security. Protecting personal records and commercially sensitive information is critical. But how can you tell that your ISO/IEC 27001 information security management system (ISMS) is making a difference? A new ISO/IEC International Standard can help you out.
The recently updated ISO/IEC 27004:2016, Information technology – Security techniques – Information security management – Monitoring, measurement, analysis and evaluation, provides guidance on how to assess the performance of ISO/IEC 27001. It explains how to develop and operate measurement processes, and how to assess and report the results of a set of information security metrics.

Security metrics can provide insights regarding the effectiveness of an ISMS and, as such, have taken centre stage. Whether you’re an engineer or consultant responsible for security and reporting to management or an executive who needs better information for decision making, security metrics have become an important vehicle for communicating the state of an organization’s cyber-risk posture.

ISO/IEC 27004:2016 shows how to construct an information security measurement programme, how to select what to measure, and how to operate the necessary measurement processes. It includes extensive examples of different types of measures, and how the effectiveness of these measures can be assessed.

Among the many benefits to organizations of using ISO/IEC 27004 are:
  • Increased accountability
  • Improved information security performance and ISMS processes
  • Evidence of meeting requirements of ISO/IEC 27001, as well as applicable laws, rules and regulations

ISO/IEC 27004:2016 replaces the 2009 edition; it has been updated and extended to align with the revised version of ISO/IEC 27001 to provide organizations with greater added value and confidence.

Source: iso.org