Re: Effectiveness of ISMS (Information Security Management System) Controls Measureme
Hi,
We are implementing ISMS in our company. I am just a member of implementation team.
Here are some examples of IS metrics:
- time to patch critical systems
- number of virus detected vs. infection
- number of people attending awareness sessions
- % of contractors signing with NDAs
- number of audit findings closed vs. open
It is important in controls' effectiveness measurement to have baseline data. What is the state prior to the implementation of the control? Compare it with data after control implementation.