An ISO/IEC 27001:2013-compliant information security management system (ISMS) must be regularly measured to ensure that it is effective and performing as intended.
Although Clause 9.1 of the Standard specifies how to go about measuring the ISMS, doing so can still prove a complex and overwhelming task.
In this green paper, discover:
- Which controls you should measure.
- How to measure controls correctly.
- What a proactive effectiveness measurement looks like.
- How to create a measurement strategy.
- How to measure the overall effectiveness of an ISMS.