CHAPTER 8: MEASURE, MONITOR, AND REVIEW

A useful information security management system (ISMS) is one that helps an organization achieve its information security objectives. Those objectives should be linked to its business, regulatory, and contractual obligations, and should be delegated to appropriate levels within the organization.

ISO 27001 requires the organization “to continually improve the suitability, adequacy, and effectiveness of the ISMS.” The corrective action requirements of the Standard are met by an effective ISMS audit plan, competent review of nonconformities (part of the responsibility of the information security manager), the incident response procedures, and the related documentation.

The combination of effective monitoring, ...
