BS 7799/ISO 17799
Back to list
Fwd: Even log monitoring system
Sep 04 2006 01:26PM
shakti velu (shaktivelu88 gmail com)
How to measure the performance of ISMS?
Sep 05 2006 08:57AM
Artur Zebrowski (artzeb wp pl)
RE: How to measure the performance of ISMS?
Sep 05 2006 11:03AM
Paulo Coelho (pcoelho sinfic pt)
1. To implement an ISMS you need to establish metrics to measure the effectiveness of the security processes against the standard requirements, security policies and objectives.
You verify the compliance of the existing security practices with the controls of the standard before the ISMS certification (to produce the Statement of Applicability you will need to do so).
2. To define metrics of security process, check the ISM3 at http://www.ism3.com.
3. A practical idea is for each process define
(1) monitoring instruments (see ISM3 examples),
(2) evaluate each monitoring instruments with a value (update security plan values 20 points).
(3) establish a general objective for each process (eg. 300 points, which is the sum of all values of the monitoring instruments)
(4) define who, when and how for each monitoring instrument.
UEN SeguranÃ§a da InformaÃ§Ã£o
BS 7799 * ISO 17799 * ISO 27001
Consultoria â?? Auditoria â?? FormaÃ§Ã£o
Sinfic, S.A. www.Sinfic.com
From: Artur Zebrowski [mailto:artzeb (at) wp (dot) pl [email concealed]]
Sent: terÃ§a-feira, 5 de Setembro de 2006 9:57
To: bs7799 (at) securityfocus (dot) com [email concealed]
Subject: How to measure the performance of ISMS?
I am trying to develop metrics for the ISO 27001. There doesn't seem
to be much of consensus on how to go about it?
What do we need to measure - the effectiveness of the
controls or how many controls are being followed?
What is the best way to develop metrics and interpret them? What would you
[ reply ]
Copyright 2010, SecurityFocus