
Defining and documenting cyber security metrics

The organisation regularly evaluates the level of cyber security and the effectiveness of the information security management system.

The organisation has defined:

  • the metrics it monitors to provide comparable results on the development of the cyber security level
  • the persons responsible for the measurement
  • the methods, timetable and responsible persons for reviewing and evaluating the metrics
  • the methods for documenting metric-related evaluations and results

Effective metrics should be usable for identifying weaknesses, targeting resources better and assessing the organisation's success or failure in cyber security.

Other connected frameworks and requirements:
Chapter 4, Section 13: Information security of datasets and information systems
7.2.1: Management responsibilities
ISO 27001
9.1: Monitoring, measurement, analysis and evaluation
ISO 27001