IMHO Between the two It should be the effectiveness of the controls.
But the problem is not what you measure but how you measure...
Also should we get into measuring effectiveness of the controls or is it the
overall security context that we should be concerned.. since 270001 is an
ISMS??
But the problem is not what you measure but how you measure...
Also should we get into measuring effectiveness of the controls or is it the
overall security context that we should be concerned.. since 270001 is an
ISMS??
Regar...
[ more ]