ISO/IEC 27004:2016 - Information technology — Security techniques ― Information security management ― Monitoring, measurement, analysis and evaluation

Owner

International Organization for Standardization (ISO)

Standardisation body

Contact information

ISO Central Secretariat

https://www.iso.org/contact-iso.html

ISO/IEC 27004 concerns measurements or measures needed for information security management: these are commonly known as ‘security metrics’ in the profession (if not within ISO/IEC JTC 1/SC 27).
The standard is intended to help organizations evaluate the effectiveness and efficiency of their ISO27k Information Security Management Systems, providing information necessary to manage and (where necessary) improve the ISMS systematically. It expands substantially on clause 9.1 of ISO/IEC 27001 concerning ‘monitoring, measurement, analysis and evaluation’.

Last update: 22/10/2019

ISO/IEC 27004:2016 - Information technology — Security techniques ― Information security management ― Monitoring, measurement, analysis and evaluation

European Union Public Licence, Version 1.1 (EUPL)

Detailed information

Published on

09/10/2017

Last update

09/10/2017

Status

Completed

Moderation

Only facilitators and authors can create content.

Moderated

Quick links

ISO/IEC 27004:2016 - Information technology — Security techniques ― Information security management ― Monitoring, measurement, analysis and evaluation

Detailed information

Moderation