Skip to content
Home / Function (NIST CSF 2.0) / DE - Detect / MN - Monitoring

ISO/IEC 27004:2016 Information technology — Security techniques — Information security management — Monitoring, measurement, analysis and evaluation

This document focuses on:

ISO/IEC 27004 is an international standard that provides guidelines for monitoring, measuring, analyzing, and evaluating the performance and effectiveness of an Information Security Management System (ISMS) based on ISO/IEC 27001. The standard outlines how organizations should define and implement metrics to assess both the performance of information security controls and the overall effectiveness of the ISMS. It covers the development of relevant metrics, processes for data collection and analysis, and guidance on reporting results to drive continual improvement. ISO/IEC 27004 is applicable to organizations of all sizes and types, helping them make informed decisions about information security and ensuring compliance with ISO/IEC 27001 requirements for measurement and evaluation.


Publication's URL

https://www.iso.org/standard/64120.html

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *