It suggests that you introduce performance measures to determine if information
security is succeeding. For example, metrics for information security include:
• No incidents causing public embarrassment
• Number of critical business processes that rely on IT and have adequate
continuity plans
• Number of critical infrastructure components with automatic
availability monitoring
• Measured improvement in employee awareness of ethical conduct
requirements, system security principles, and performance of duties
in an ethical and secure manner
• Full compliance or agreed-upon and recorded deviations from minimum
security requirements
• Percentage of IT-related plans and policies developed and documented
covering IT security mission, vision, goals, values, and code of conduct
• Percentage of IT security plans and policies communicated to all stakeholders
ISO 17799 also breaks out specific objectives:
• Management should identify responsibilities and procedures for defining,
agreeing on, and funding risk management improvements. A reality check
of the security strategy should be conducted by a third party to increase
objectivity and should be repeated at appropriate time intervals.
• Critical infrastructure components should be identified and continuously
monitored. Service level agreements should be used to raise awareness
and increase co-operation with suppliers for security and continuity needs.
• Management should endorse and be demonstrably committed to
the information security and control policies, stressing the need for
communication, understanding and compliance. Policy enforcement
should be considered and decided upon at the time of policy development.
A confirmation process should be in place to measure awareness,
understanding, and compliance with policies. Information control policies
should be aligned with the overall strategic plans. There should be a
consistently applied policy development framework that guides formulation,
roll-out, understanding, and compliance.
 