BS 7799/ISO 17799
How to measure the performance of ISMS? Sep 05 2006 08:57AM
Artur Zebrowski (artzeb wp pl)
RE: How to measure the performance of ISMS? Sep 05 2006 11:03AM
Paulo Coelho (pcoelho sinfic pt)
Hi Artur,

1. To implement an ISMS you need to establish metrics to measure the effectiveness of the security processes against the standard requirements, security policies and objectives.

You verify the compliance of the existing security practices with the controls of the standard before the ISMS certification (to produce the Statement of Applicability you will need to do so).

2. To define metrics of security process, check the ISM3 at http://www.ism3.com.

3. A practical idea is, for each process, to define:

(1) monitoring instruments (see the ISM3 examples),

(2) a value for each monitoring instrument (e.g. "update security plan" values 20 points),

(3) a general objective for each process (e.g. 300 points, which is the sum of all values of the monitoring instruments),

(4) who, when and how for each monitoring instrument.

Cheers,

Paulo Coelho

Consultant

UEN Information Security

BS 7799 * ISO 17799 * ISO 27001

Consulting – Auditing – Training

Sinfic, S.A. www.Sinfic.com

-----Original Message-----

From: Artur Zebrowski [mailto:artzeb (at) wp (dot) pl]

Sent: Tuesday, 5 September 2006 9:57

To: bs7799 (at) securityfocus (dot) com

Subject: How to measure the performance of ISMS?

I am trying to develop metrics for ISO 27001. There doesn't seem to be much of a consensus on how to go about it.

What do we need to measure: the effectiveness of the controls, or how many controls are being followed?

What is the best way to develop metrics and interpret them? What would you suggest?

Artur Żebrowski

Copyright 2010, SecurityFocus