
AS ISO/IEC 27004:2018

Status: Current

Information technology — Security techniques — Information security management — Monitoring, measurement, analysis and evaluation

Adopts ISO/IEC 27004:2016 to provide guidelines intended to assist organizations in evaluating the information security performance and the effectiveness of an information security management system in order to fulfil the requirements of ISO/IEC 27001:2013, 9.1.
Published: 22/02/2018
Pages: 58

Table of contents
Header
About this publication
Preface
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Structure and overview
5 Rationale
5.1 The need for measurement
5.2 Fulfilling the ISO/IEC 27001 requirements
5.3 Validity of results
5.4 Benefits
6 Characteristics
6.1 General
6.2 What to monitor
6.3 What to measure
6.4 When to monitor, measure, analyse and evaluate
6.5 Who will monitor, measure, analyse and evaluate
7 Types of measures
7.1 General
7.2 Performance measures
7.3 Effectiveness measures
8 Processes
8.1 General
8.2 Identify information needs
8.3 Create and maintain measures
8.3.1 General
8.3.2 Identify current security practices that can support information needs
8.3.3 Develop or update measures
8.3.4 Document measures and prioritize for implementation
8.3.5 Keep management informed and engaged
8.4 Establish procedures
8.5 Monitor and measure
8.6 Analyse results
8.7 Evaluate information security performance and ISMS effectiveness
8.8 Review and improve monitoring, measurement, analysis and evaluation processes
8.9 Retain and communicate documented information
Annex A
Annex B
B.1 General
B.2 Resource allocation
B.3 Policy review
B.4 Management commitment
B.5 Risk exposure
B.6 Audit programme
B.7 Improvement actions
B.8 Security incident cost
B.9 Learning from information security incidents
B.10 Corrective action implementation
B.11 ISMS training or ISMS awareness
B.12 Information security training
B.13 Information security awareness compliance
B.14 ISMS awareness campaigns effectiveness
B.15 Social engineering preparedness
B.16 Password quality – manual
B.17 Password quality – automated
B.18 Review of user access rights
B.19 Physical entry controls system evaluation
B.20 Physical entry controls effectiveness
B.21 Management of periodic maintenance
B.22 Change management
B.23 Protection against malicious code
B.24 Anti-malware
B.25 Total availability
B.26 Firewall rules
B.27 Log files review
B.28 Device configuration
B.29 Pentest and vulnerability assessment
B.30 Vulnerability landscape
B.31 Security in third party agreements – A
B.32 Security in third party agreements – B
B.33 Information security incident management effectiveness
B.34 Security incidents trend
B.35 Security event reporting
B.36 ISMS review process
B.37 Vulnerability coverage
Annex C
C.1 ‘Training effectiveness’ – effectiveness measurement construct
Bibliography
Content history
DR AS ISO/IEC 27004:2017

Price: $230.65 AUD (inclusive of GST)