Information technology -- Security techniques -- Information security management -- Monitoring, measurement, analysis and evaluation

This document provides guidelines intended to assist organizations in evaluating the information
security performance and the effectiveness of an information security management system in order to
fulfil the requirements of ISO/IEC 27001:2013, 9.1. It establishes:
a) the monitoring and measurement of information security performance;
b) the monitoring and measurement of the effectiveness of an information security management
system (ISMS) including its processes and controls;
c) the analysis and evaluation of the results of monitoring and measurement.
This document is applicable to all types and sizes of organizations.

Technologies de l'information -- Techniques de sécurité -- Management de la sécurité de l'information -- Surveillance, mesurage, analyse et évaluation

Informacijska tehnologija - Varnostne tehnike - Upravljanje informacijske varnosti - Spremljanje, merjenje, analiza in evalvacija

Ta dokument podaja smernice za pomoč organizacijam pri ocenjevanju uspešnosti informacijske varnosti in učinkovitosti sistema upravljanja informacijske varnosti za namene izpolnitve zahtev standarda ISO/IEC 27001:2013, 9.1. Določa:
a) spremljanje in merjenje učinkovitosti informacijske varnosti;
b) spremljanje in merjenje učinkovitosti sistema upravljanja informacijske varnosti (ISMS), vključno z njegovimi procesi in kontrolami;
c) analizo ter vrednotenje rezultatov spremljanja in merjenja.
Ta dokument se uporablja za vse vrste in velikosti organizacij.

General Information

Status
Published In Translation
Publication Date
22-Oct-2018
Technical Committee
Current Stage
6100 - Translation of adopted SIST standards (Adopted Project)
Start Date
13-May-2024
Due Date
12-May-2025

Relations

Buy Standard

Standard
ISO/IEC 27004:2018
English language
63 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day
Standard
ISO/IEC 27004:2016 - Information technology -- Security techniques -- Information security management -- Monitoring, measurement, analysis and evaluation
English language
58 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

SLOVENSKI STANDARD
SIST ISO/IEC 27004:2018
01-november-2018
1DGRPHãþD
SIST ISO/IEC 27004:2011
Informacijska tehnologija - Varnostne tehnike - Upravljanje informacijske varnosti -
Spremljanje, merjenje, analiza in evalvacija
Information technology -- Security techniques -- Information security management --
Monitoring, measurement, analysis and evaluation
Technologies de l'information -- Techniques de sécurité -- Management de la sécurité de
l'information -- Surveillance, mesurage, analyse et évaluation
Ta slovenski standard je istoveten z: ISO/IEC 27004:2016
ICS:
03.100.70 Sistemi vodenja Management systems
35.030 Informacijska varnost IT Security
SIST ISO/IEC 27004:2018 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST ISO/IEC 27004:2018

---------------------- Page: 2 ----------------------

SIST ISO/IEC 27004:2018
INTERNATIONAL ISO/IEC
STANDARD 27004
Second edition
2016-12-15
Information technology — Security
techniques — Information security
management — Monitoring,
measurement, analysis and evaluation
Technologies de l’information — Techniques de sécurité —
Management de la sécurité de l’information —
Surveillance, mesurage, analyse et évaluation
Reference number
ISO/IEC 27004:2016(E)
©
ISO/IEC 2016

---------------------- Page: 3 ----------------------

SIST ISO/IEC 27004:2018
ISO/IEC 27004:2016(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2016, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2016 – All rights reserved

---------------------- Page: 4 ----------------------

SIST ISO/IEC 27004:2018
ISO/IEC 27004:2016(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Structure and overview . 1
5 Rationale . 2
5.1 The need for measurement . 2
5.2 Fulfilling the ISO/IEC 27001 requirements . 3
5.3 Validity of results . 3
5.4 Benefits . 3
6 Characteristics . 4
6.1 General .
...

INTERNATIONAL ISO/IEC
STANDARD 27004
Second edition
2016-12-15
Information technology — Security
techniques — Information security
management — Monitoring,
measurement, analysis and evaluation
Technologies de l’information — Techniques de sécurité —
Management de la sécurité de l’information —
Surveillance, mesurage, analyse et évaluation
Reference number
ISO/IEC 27004:2016(E)
©
ISO/IEC 2016

---------------------- Page: 1 ----------------------
ISO/IEC 27004:2016(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2016, Published in Switzerland
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form
or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior
written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of
the requester.
ISO copyright office
Ch. de Blandonnet 8 • CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
ii © ISO/IEC 2016 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 27004:2016(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Structure and overview . 1
5 Rationale . 2
5.1 The need for measurement . 2
5.2 Fulfilling the ISO/IEC 27001 requirements . 3
5.3 Validity of results . 3
5.4 Benefits . 3
6 Characteristics . 4
6.1 General . 4
6.2 What to monitor. 4
6.3 What to measure . 5
6.4 When to monitor, measure, analyse and evaluate . 6
6.5 Who will monitor, measure, analyse and evaluate . 6
7 Types of measures . 7
7.1 General .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.