Defining and documenting cyber security metrics

The organisation regularly evaluates the level of cyber security and the effectiveness of the information security management system.

The organisation has defined:

  • the metrics to monitor, chosen to provide comparable results on the development of the cyber security level
  • the persons responsible for the measurement
  • the methods, timetable and responsible persons for reviewing and evaluating the metrics
  • the methods for documenting metric-related evaluations and results

Effective metrics should be usable for identifying weaknesses, targeting resources better and assessing the organisation's success or failure in cyber security.

Other connected frameworks and requirements:
7.2.1: Management responsibilities
ISO 27001
Chapter 4, Section 13: Information security of data sets and information systems
9.1: Monitoring, measurement, analysis and evaluation
ISO 27001