ISO/IEC 27001 - How to measure the effectiveness of information security?

09/05/2017
0 Review(s)
How can you tell that your ISO/IEC 27001 information security management system (ISMS) is making a difference?

You simply can’t be too careful when it comes to information security. Protecting personal records and commercially sensitive information is critical. But how can you tell that your ISO/IEC 27001 information security management system (ISMS) is making a difference? A new ISO/IEC International Standard can help you out.

The recently updated ISO/IEC 27004:2016, Information technology – Security techniques – Information security management – Monitoring, measurement, analysis and evaluation, provides guidance on how to assess the performance of ISO/IEC 27001. It explains how to develop and operate measurement processes, and how to assess and report the results of a set of information security metrics.

Prof. Edward Humphreys, Convenor of the working group that developed the standard (ISO/IEC JTC 1/SC 27), says: “Cyber-attacks are among the greatest risks an organization can face. This is why the much improved version of ISO/IEC 27004 provides essential and practical support to the many organizations that are implementing ISO/IEC 27001 to protect themselves from the growing diversity of security attacks that business is facing today.”

Security metrics can provide insights regarding the effectiveness of an ISMS and, as such, have taken centre stage. Whether you’re an engineer or consultant responsible for security and reporting to management or an executive who needs better information for decision making, security metrics have become an important vehicle for communicating the state of an organization’s cyber-risk posture.

In Prof. Humphreys’ own words: “Organizations need help to address the question of whether the organization’s investment in information security management is effective, fit for purpose to react, defend and respond to the continually changing cyber-risk environment. This is where ISO/IEC 27004 can provide numerous advantages.”

ISO/IEC 27004:2016 shows how to construct an information security measurement programme, how to select what to measure, and how to operate the necessary measurement processes. It includes extensive examples of different types of measures, and how the effectiveness of these measures can be assessed.

Among the many benefits to organizations of using ISO/IEC 27004 are: 

·   Increased accountability

·   Improved information security performance and ISMS processes

·   Evidence of meeting requirements of ISO/IEC 27001, as well as applicable laws, rules and regulations 

ISO/IEC 27004:2016 replaces the 2009 edition; it has been updated and extended to align with the revised version of ISO/IEC 27001 to provide organizations with greater added value and confidence.

ISO/IEC 27004:2016 was developed by joint technical committee ISO/IEC JTC 1, Information technology, subcommittee SC 27, IT security techniques, whose secretariat is held by DIN, the ISO member for Germany. It is available from your national ISO member or through the ISO Store.

Source: www.iso.org

Related News

TL 9000:2016 Requirements Handbook (R6) Available NOW!!
TL 9000:2016 Requirements Handbook (R6) Available NOW!!
21/11/2016

21/11/2016 | 6992 Views

The Integrated Global Quality (IGQ) Working Group has recently completed content changes on a new revision of the TL 9000 Requirements Handbook, TL 9000:2016 (R6).
Read more
Preparing for an Audit
Preparing for an Audit
23/04/2020

23/04/2020 | 5706 Views

Preparing for an audit is a very important step for your organization. The external audit from a 3rd party registrar is the final step before your organization receives certification to ISO 9001.
Read more
ANNOUNCEMENT OF COMPANY NAME CHANGE SINCE 05 APRIL 2017
ANNOUNCEMENT OF COMPANY NAME CHANGE SINCE 05 APRIL 2017
05/04/2017

05/04/2017 | 6567 Views

Tổ chức chứng nhận KMAR Việt Nam chính thức đổi tên công ty thành KMR Việt Nam kể từ ngày 05/04/2017
Read more
ISO NAME AND LOGO
ISO NAME AND LOGO
05/08/2020

05/08/2020 | 11176 Views

The following article helps you understand correctly and more fully about ISO and ISO certifications.
Read more
CARBON NEUTRAL VS NET ZERO: WHAT’S IN IT FOR BUSINESS?
CARBON NEUTRAL VS NET ZERO: WHAT’S IN IT FOR BUSINESS?
05/10/2023

05/10/2023 | 778 Views

Net Zero is our strongest tool yet against the climate crisis. The transition to Net Zero emissions presents a compelling solution that offers not only environmental benefits but also economic, social and health advantages.
Read more
ISO 45001:2016 - Occupational health and safety
ISO 45001:2016 - Occupational health and safety
18/11/2016

18/11/2016 | 8831 Views

ISO 45001 is an International Standard that specifies requirements for an occupational health and safety (OH&S) management system, with guidance for its use, to enable an organization to proactively improve its OH&S performance in preventing injury and ill-health.
Read more
GLOBAL RISKS IN A COVID-19 WORLD
GLOBAL RISKS IN A COVID-19 WORLD
06/04/2021

06/04/2021 | 994 Views

Here we look at some of the top risks highlighted in the report and how we can address and prepare for them, for a more sustainable post-pandemic world.
Read more
New standard helps SMEs get ahead with ISO 14001
New standard helps SMEs get ahead with ISO 14001
22/05/2019

22/05/2019 | 3689 Views

Implementing an environmental management system (EMS) based on ISO 14001 might seem like a big task, but that doesn’t mean it is just for the bigger players in the market. Breaking it down into phases is the key.
Read more
KMR HAPPY NEW YEAR 2025 AND ANNOUNCE LUNAR NEW YEAR HOLIDAY
KMR HAPPY NEW YEAR 2025 AND ANNOUNCE LUNAR NEW YEAR HOLIDAY
23/01/2025

23/01/2025 | 742 Views

KMR VN would like to announce the 2025 Lunar New Year holiday schedule!
Read more
Comment
  • Your review
  • Home/
  • ISO NEWS/
  • ISO/IEC 27001 - How to measure the effectiveness of information security?

Copyright © 2016 KMR Viet Nam Co., LTD. All Rights Reserved.