Skip to content
Please enter a keyword to search

  • BS ISO/IEC 27004:2016

    Current The latest, up-to-date edition.

    Information technology. Security techniques. Information security management. Monitoring, measurement, analysis and evaluation

    Available format(s):  Hardcopy, PDF

    Language(s):  English

    Published date:  31-12-2016

    Publisher:  British Standards Institution

    Add To Cart

    Table of Contents - (Show below) - (Hide below)

    Foreword
    Introduction
    1 Scope
    2 Normative references
    3 Terms and definitions
    4 Structure and overview
    5 Rationale
    6 Characteristics
    7 Types of measures
    8 Processes
    Annex A (informative) - An information security measurement model
    Annex B (informative) - Measurement construct examples
    Annex C (informative) - An example of free-text form
            measurement construction
    Bibliography

    Abstract - (Show below) - (Hide below)

    Gives guidelines intended to assist organizations in evaluating the information security performance and the effectiveness of an information security management system in order to fulfil the requirements of ISO/IEC 27001:2013, 9.1.

    Scope - (Show below) - (Hide below)

    This document provides guidelines intended to assist organizations in evaluating the information security performance and the effectiveness of an information security management system in order to fulfil the requirements of ISO/IEC27001:2013, 9.1. It establishes: the monitoring and measurement of information security performance; the monitoring and measurement of the effectiveness of an information security management system (ISMS) including its processes and controls; the analysis and evaluation of the results of monitoring and measurement. This document is applicable to all types and sizes of organizations.

    General Product Information - (Show below) - (Hide below)

    Committee IST/33/1
    Development Note Supersedes 08/30134763 DC. (01/2010) Supersedes 16/30286027 DC. (12/2016)
    Document Type Standard
    Publisher British Standards Institution
    Status Current
    Supersedes

    Standards Referenced By This Book - (Show below) - (Hide below)

    17/30354571 DC : 0 BS 7799-3 - INFORMATION SECURITY MANAGEMENT SYSTEMS - PART 3: GUIDELINES FOR INFORMATION SECURITY RISK MANAGEMENT
    BS 7799-3:2017 Information security management systems Guidelines for information security risk management

    Standards Referencing This Book - (Show below) - (Hide below)

    ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements
    ISO/TR 10017:2003 Guidance on statistical techniques for ISO 9001:2000
    ISO/IEC 27000:2016 Information technology Security techniques Information security management systems Overview and vocabulary
    ISO/IEC 15939:2007 Systems and software engineering Measurement process
    View more information

    • Access your standards online with a subscription

      Features

      • Simple online access to standards, technical information and regulations
      • Critical updates of standards and customisable alerts and notifications
      • Multi - user online standards collection: secure, flexibile and cost effective