Measuring the Effectiveness of Security Using ISO 27001

Whilst the intentions and objectives behind ISO/IEC 27001:2005 (ISO 27001) aren't dramatically different to those in BS 7799-2:2002, one of the changes with the biggest potential impact on organisations is the requirement to measure the effectiveness of selected controls, or groups of controls, within the new standard. This new requirement demands that businesses specify not only how these measurements are to be used to assess 'Control' effectiveness (there are now 133 Controls in the new standard), but also how the selected controls' effectiveness is to be measured.

Provided by: Siemens | Topic: Tech & Work | Date Added: Feb 2007 | Format: PDF
