ISO 9000 Quality Management Systems: [ISO 27001 security] Can any one throw some light on metrics

Friday, February 27, 2009

[ISO 27001 security] Can any one throw some light on metrics

Hi team

Great work you guys are doing !!!! Even though am a silent listener, i use to enjoy the entire series of mail exchanges. Thank you all who contribute towards this group.

I have recently finished the ISMS implementation for one of our client. Now that the time for measurement of the maturity of ISMS. So can any one throw some light in the area of metrics. How can start, which are the components do i need to take, any templates, etc.

Hope that you can help me in this.

--
Sandeep Erat
Bangalore

A set of ISMS metrics aligned with ISO27k vaguely approach the templates you
requested. It is published at
www.iso27001security.com/ISO27k_security_metrics_examples.pdf  This paper
documents the output of interactive ISMS metrics workshop involving a clever
bunch of IT auditors and other information security pros, under the auspices
of ISACA in Wellington NZ. I'm quite sure others on this email reflector
would be able to suggest additional metrics that work for them.

I published a white paper on ISMS metrics at
www.noticebored.com/html/metrics.html, originally in the ISSA Journal in
July 2006. It goes into the rationale for designing/selecting information
security metrics, along the way referencing a all-time classic
though-provoking academic paper "Metrics: you are what you measure" at
http://web.mit.edu/hauser/www/Papers/Hauser-Katz%20Measure%2004-98.pdf

Last but definitely not least is the excellent book by Andrew Jaquith
"Security metrics: replacing fear, uncertainty and doubt" - search the Web
or spend your US$31.50 at
http://astore.amazon.com/wwwnoticeborc-20/detail/0321349989   Andrew runs a
wiki/blog/mailing list/conference on information security metrics in
conjunction with Dan Geer and a bunch of fellow professionals, through
www.securitymetrics.org, thoroughly recommended. One of their projects is a
catalog of potential information security metrics at
www.securitymetrics.org/content/Wiki.jsp?page=MetricsCatalogProject

Do let us know how you get on, Sandeep.

Best wishes,
Gary

Gary Hinson
Passionately curious, curiously passionate
www.NoticeBored.com  Creative awareness materials
www.ISO27001security.com  ISO/IEC 27000 standards
www.isect.com/html/environmental_policy.html  Going green

- Show quoted text -

ISO 27004- the metrics standard

“There is only one boss. The customer. And he can fire everybody in the company from the chairman on down, simply by spending his money somewhere else.”
Sam Walton quote

ISO 9000 Quality Management Systems

tracker

TQMC

Friday, February 27, 2009

[ISO 27001 security] Can any one throw some light on metrics

No comments:

Post a Comment

Imagine

hacking the power grid for DUMMIES

CONTACT US

Cable Gland fitting GUIDE on VIDEO

Flameproof Expert, ask yoyr QUESTIONS here

Flameproof electricals for MINES

how to recognize suspicious, doubtful and outright FAKE ISO 9001 Certification

Widget Bidget

Incentives for Education Sector

CE Marking - LABELING DIRECTIVES

CURRENT REVISION/ AMENDMENT STATUS of DIRECTIVES for CE Marking

PED and ASME for Dummies

List of Calibrators in INDIA and NABL approved

Machine Safety Testing and LVD

exporting FOODSTUFFS to EUROPE

Exporting of medicines to EU

which products require CE Marking and which do not

Joint UL/ CSA Certification and CE Marking integrated approach

UL Mark FAQs

CE Marking - INDEX

TCF requirements

Harmonized Standards and NANDO

Eco Design Directive

CE Marking: MID

EuP Directive

how SMEs in INDIA have failed -

how to upgrade from ISO 9001 to ISO/TS 16949:2009

EN standards for Directives

Pesticides in COKE - things grow better with COKE

Anil buys power from TATA POWER

Succession planning in INDIAN Companies and SMEs

Guidance on Process Approach by ISO Support

Guide to Product Recall and INSURANCE

the penalty for environmental damage in EUROPE

about business liability insurance

ISO and standards for ENVIRONMENTAL Management

Bollywood is not ART, its not CULTURE : its BULL SHIT

u been SUCKERED

Ayodhya

SCADA of Power Grid is vulnerable

ISO 9001" From Quality Management to Business Management - QMS to BMS

List of hazardous substances and TOXINS

OSAMA is BULLSHITTING - outsourcing is a COST Advantage to US Business,

Subscribe To

Total Pageviews

Popular Posts

Succession planning in INDIAN Companies and SMEs

Business Consultant

how to evaluate and select the RIGHT ISO 9000 Consultant - guidance by ISO

HALAL and KOSHER Certification in INDIA

List of ISO 27001 Certified Companies in INDIA and Worldwide

Selling SICKNESS; Pharma Cos bribing docs in INDIA

the most detailed STEP by STEP Guide to CE Marking given by EU

CE Marking and Manufacturers Liability

Smart Grid for DUMMIES

BANK Treasury Department Roles and Responsibilities

Risk Management Manual for all sectors

ISO 31000:2009 Released

Low cost Consultancy and Certification now available for ISO 9001

CE Marking and LIABILITY

Business Continuity Management - Succession Planning

old postings RECOVERY

MDD useful GUIDELINES

MDD Class 1 : CoC

how to get subsidy from Ministry of FOOD Processing India

ISO 27001 - the BASICS

CUSTOMER is GOD

HACCP and ISO 9000 - the complete GUIDE

the BOSS

TIMES OF INDIA - the FRONT PAGE

IATF Guidance

on line PURCHASE STANDARDS from BIS

CE Marking: Testing Labs