Defining and documenting cyber security metrics


The organisation regularly evaluates the level of cyber security and the effectiveness of the information security management system.

Organisation has defined:

  • monitored metrics to provide comparable results on the development of cyber security level
  • persons responsible for the metering
  • methods, timetable and responsible persons for metrics reviewing and evaluation
  • methods to document metric-related evaluations and results

Effective metrics should be usable for identifying weaknesses, targeting resources better and assessing organisation's success / failure related to cyber security.

Connected other frameworks and requirements:
7.2.1: Management responsibilities
ISO 27001
4 luku, 13 §: Tietoaineistojen ja tietojärjestelmien tietoturvallisuus
9.1: Monitoring, measurement, analysis and evaluation
ISO 27001
No items found.