Effectiveness of ISMS (Information Security Management System) Controls Measurement

K

keres

Can anyone help me with effectiveness of ISMS controls measurement methodology? Do you have any examples?

Thank you!
 

Richard Regalado

Trusted Information Resource
Re: Effectiveness of ISMS (Information Security Management System) Controls Measureme

Can anyone help me with effectiveness of ISMS controls measurement methodology? Do you have any examples?

Thank you!

Why keres? Why do you need help? Are you a student? A researcher? A consultant? Someone who is tasked in measuring controls effectiveness? Please add context to your inquiry.

But I will indulge you with an example:

Was: 5 robberies last year
Control: Installed bogus CCTV camera with blinking LED light on top
Now: 0 robbery

Was the bogus CCTV effective?
 
K

keres

Re: Effectiveness of ISMS (Information Security Management System) Controls Measureme

Why keres? Why do you need help? Are you a student? A researcher? A consultant? Someone who is tasked in measuring controls effectiveness? Please add context to your inquiry.

Hi,

We are implementing ISMS in our company. I am just a member of implementation team.
 

Richard Regalado

Trusted Information Resource
Re: Effectiveness of ISMS (Information Security Management System) Controls Measureme

Hi,

We are implementing ISMS in our company. I am just a member of implementation team.

Here are some examples of IS metrics:
- time to patch critical systems
- number of virus detected vs. infection
- number of people attending awareness sessions
- % of contractors signing with NDAs
- number of audit findings closed vs. open

It is important in controls' effectiveness measurement to have baseline data. What is the state prior to the implementation of the control? Compare it with data after control implementation.
 
Top Bottom