ISO 27001 is of little help
In deciding what to monitor and measure regarding your Information Security Management System (ISMS), ISO 27001 specifies no mandatory requirements (as emphasised in our ISO 27001 training courses). Thankfully, ISO 27004 provides guidelines and principles for measuring and reporting the effectiveness of an organisation's ISMS. The standard helps organisations to evaluate information security management processes, identify weaknesses, and take corrective actions.
This article will explore ISO 27004 and the importance of measuring information security effectiveness.
What is ISO 27004?
Why is measuring information security effectiveness important?
Mapping ISO 27001:2022 and ISO 27004:2016
How to measure information security effectiveness?
Now it's your turn!
- ISO 27001:2022 - facts about the new version
- ISO 27001 Implementation in 31 Steps
- Free ISO 27001 Implementation Handbook (100+ pages)
deGRANDSON Global is an ISO Certified Educational Organization
In October 2021, we secured certification to three education-related ISO Standards. As a result, we now have a university-grade management system in place conforming to the requirements of …
We have chosen ISO 21001 certification because, unlike IRCA and Exemplar badges (which, in our opinion, are commercially compromised), it is based on independent third-party assessment. In addition, it is a ‘university grade’ standard in use globally by schools, colleges, and universities to demonstrate their competence.