
Measuring the Effectiveness of Security using ISO 27001

Issuer Full Name: Information Warfare Site (IWS)
Issued: 15 July 2006
Type: Free/open
Meta Description: Information governance resource reference: Measuring the Effectiveness of Security using ISO 27001

ISO 27001 builds on BS 7799 with much more guidance on information security measurement and metrics. This paper complements the ISO/IEC standard for information security management systems by exploring: 1) security measurement objectives; 2) what security aspects should be measured, in terms of both process and effectiveness; 3) how controls should be measured; 4) how measurements can and should be used to provide "assurance" on effectiveness.

The paper presents both an ISO 27001-aligned model for security measurement and concrete illustrations of how the model can be applied to demonstrate the effectiveness of security controls in business processes.