Source NoticeBored
Identifier 1495734
Publication date 2019-12-20 12:49:52 (viewed: 2020-01-03 15:00:04)
Title NBlog Dec 20 - ISO27k maturity metric
Text Yesterday I completed the "universal KPI" metrics paper for January's ISO27k awareness module. The finished article uses the management system requirements from the main body of ISO/IEC 27001, followed by the security controls in Annex A or ISO/IEC 27002 (mostly), as the basis for measuring an organization's ISMS. Here's a little taster:

I have added a few supplementary controls and scoring criteria in areas where I feel '27002 falls short of current good practice, e.g. policy management, business continuity and compliance. At some future point, I will add IoT, cloud security and perhaps other controls for the same reason. One of the advantages of this style of metric is that it's straightforward to maintain, such as updating or adding new scoring criteria, ideally in such a way that prior scores remain valid.

As it is, it's already a lengthy, detailed paper - a 37-page Word document with two tables in landscape format containing ~13,000 words plus a page of instructions. I'm itching to try this out in earnest, so if you know of anyone looking for an ISMS internal audit, ISO27k gap analysis, benchmark or review, or simply looking for a pragmatic infosec maturity metric, please get in touch.

PS This metric scores well on the PRAGMATIC metametric scale, naturally, since it is predictive, relevant, actionable, cost-effective, independently verifiable etc.

PPS The metric has value for:
- Reviewing and evaluating an organization's information risk and security management practices
- Reviewing and evalua