ISO/IEC 27001 - How to measure the effectiveness of information security?

09/05/2017
0 Review(s)
How can you tell that your ISO/IEC 27001 information security management system (ISMS) is making a difference?

You simply can’t be too careful when it comes to information security. Protecting personal records and commercially sensitive information is critical. But how can you tell that your ISO/IEC 27001 information security management system (ISMS) is making a difference? A new ISO/IEC International Standard can help you out.

The recently updated ISO/IEC 27004:2016, Information technology – Security techniques – Information security management – Monitoring, measurement, analysis and evaluation, provides guidance on how to assess the performance of ISO/IEC 27001. It explains how to develop and operate measurement processes, and how to assess and report the results of a set of information security metrics.

Prof. Edward Humphreys, Convenor of the working group that developed the standard (ISO/IEC JTC 1/SC 27), says: “Cyber-attacks are among the greatest risks an organization can face. This is why the much improved version of ISO/IEC 27004 provides essential and practical support to the many organizations that are implementing ISO/IEC 27001 to protect themselves from the growing diversity of security attacks that business is facing today.”

Security metrics can provide insights regarding the effectiveness of an ISMS and, as such, have taken centre stage. Whether you’re an engineer or consultant responsible for security and reporting to management or an executive who needs better information for decision making, security metrics have become an important vehicle for communicating the state of an organization’s cyber-risk posture.

In Prof. Humphreys’ own words: “Organizations need help to address the question of whether the organization’s investment in information security management is effective, fit for purpose to react, defend and respond to the continually changing cyber-risk environment. This is where ISO/IEC 27004 can provide numerous advantages.”

ISO/IEC 27004:2016 shows how to construct an information security measurement programme, how to select what to measure, and how to operate the necessary measurement processes. It includes extensive examples of different types of measures, and how the effectiveness of these measures can be assessed.

Among the many benefits to organizations of using ISO/IEC 27004 are: 

·   Increased accountability

·   Improved information security performance and ISMS processes

·   Evidence of meeting requirements of ISO/IEC 27001, as well as applicable laws, rules and regulations 

ISO/IEC 27004:2016 replaces the 2009 edition; it has been updated and extended to align with the revised version of ISO/IEC 27001 to provide organizations with greater added value and confidence.

ISO/IEC 27004:2016 was developed by joint technical committee ISO/IEC JTC 1, Information technology, subcommittee SC 27, IT security techniques, whose secretariat is held by DIN, the ISO member for Germany. It is available from your national ISO member or through the ISO Store.

Source: www.iso.org

Related News

KMR (Korea Management Registrar) Signed MoU With EFQM about “Global Excellence Award”
KMR (Korea Management Registrar) Signed MoU With EFQM about “Global Excellence Award”
20/06/2018

20/06/2018 | 2785 Views

KMR certification body (Korea Management Registrar) recently signed an MoU with EFQM
Read more
DR. SUNG HWAN CHO OF KOREA TAKES NEW POSITION AS CHAIRMAN OF ISO COMMITTEE FROM JANUARY 2024
DR. SUNG HWAN CHO OF KOREA TAKES NEW POSITION AS CHAIRMAN OF ISO COMMITTEE FROM JANUARY 2024
16/01/2024

16/01/2024 | 1518 Views

In January 2024, Dr Sung Hwan Cho of the Republic of Korea took up his new position as ISO President. In this welcome message, he shares his thoughts on how ISO can increase its outreach to respond to current global challenges and the focus of his tenure for the coming two years.
Read more
FSSC 22000 issues 15,000th certificate
FSSC 22000 issues 15,000th certificate
12/06/2017

12/06/2017 | 6594 Views

Last week, FSSC 22000 has achieved a new milestone
Read more
7 Quality Management Principles - Part 2/2
7 Quality Management Principles - Part 2/2
05/01/2017

05/01/2017 | 16640 Views

The revious 8 Quality Management Principles have been revised and republiced as 7 within ISO 9001:2015
Read more
ISO 22000 CERTIFICATI PROCESS: A STRUCTURED ROADMAP FOR FOOD BUSINESSES
ISO 22000 CERTIFICATI PROCESS: A STRUCTURED ROADMAP FOR FOOD BUSINESSES
23/03/2026

23/03/2026 | 722 Views

In the context of increasingly strict controls on food safety and quality, ISO 22000 certification is not only a mandatory requirement of many partners but also a “passport” that enhances a company’s credibility and competitiveness in the market. However, many organizations still wonder: Where should implementation begin? How should it be carried out? How long does it take to achieve certification?
Read more
HOW LONG DOES ISO 22000 TAKE? PRACTICAL TIMELINE & EFFECTIVE IMPLEMENTATION TIPS
HOW LONG DOES ISO 22000 TAKE? PRACTICAL TIMELINE & EFFECTIVE IMPLEMENTATION TIPS
29/03/2026

29/03/2026 | 383 Views

During the implementation of ISO 22000 - Food Safety Management System (FSMS), one of the most common questions organizations ask is: “How long does it take to achieve ISO 22000 certification?” In practice, the implementation timeline is not fixed. It depends on several factors such as organizational size, level of system readiness, and internal resources.
Read more
TOP 5 BENEFITS OF ISO 22000 THAT HELP BUSINESSES GROW RAPIDLY
TOP 5 BENEFITS OF ISO 22000 THAT HELP BUSINESSES GROW RAPIDLY
25/03/2026

25/03/2026 | 290 Views

Many businesses implement ISO 22000 solely with the goal of “meeting requirements” to satisfy partners or regulatory authorities. However, when properly understood and systematically applied, ISO 22000 is not just a formal certification, but also a strategic tool that enables businesses to develop sustainably, enhance competitiveness, and achieve rapid growth in the market.
Read more
BUILDING A SUSTAINABLE PATH TO ESG REPORTING
BUILDING A SUSTAINABLE PATH TO ESG REPORTING
31/10/2024

31/10/2024 | 584 Views

An effective ESG report not only helps businesses enhance their social and environmental responsibility but also strengthens their brand position in the marketplace.
Read more
ISO 14001:2026 – ENVIRONMENTAL MANAGEMENT SYSTEMS OFFICIALLY PUBLISHED ON 15 APRIL 2026
ISO 14001:2026 – ENVIRONMENTAL MANAGEMENT SYSTEMS OFFICIALLY PUBLISHED ON 15 APRIL 2026
15/04/2026

15/04/2026 | 500 Views

According to official information from the International Organization for Standardization (ISO), the ISO 14001:2026 – Environmental Management Systems standard was formally published on 15 April 2026, replacing the current ISO 14001:2015 version.
Read more
Comment
  • Your review
  • Home/
  • ISO NEWS/
  • ISO/IEC 27001 - How to measure the effectiveness of information security?

Copyright © 2016 KMR Viet Nam Co., LTD. All Rights Reserved.

main.booking