Measuring the effectiveness of your ISMS implementations based on ISO/IEC 27001


BIP 0074:2006


Status : Current   Published : June 2005




Edward Humphreys & Angelika Plate

With increasing international interest in the field of information security management system (ISMS) metrics and measurements, this publication brings together the different methods that are currently in use to measure controls and/or processes.

In addition, it gives further information and guidance about these various methods to measure the success of security arrangements in place.

This book provides guidance on the implementation of ISMS control requirements and on auditing existing control implementations, to help organizations preparing for certification in accordance with ISO/IEC 27001:2005, Information security management systems – Requirements.

The contents of this guide include the ISMS control requirements that should be addressed by organizations considering certification according to ISO/IEC 27001:2005. Clause 2 of this guide discusses each of the controls from two different viewpoints:

  • Implementation guidance – describes what to consider to fulfil the control requirements when implementing the controls from ISO/IEC 27001:2005 Annex A. This guidance is aligned with ISO/IEC 17799:2005, which gives advice on the implementation of the controls
  • Auditing guidance – describes what to check when examining the implementation of ISO/IEC 27001:2005 controls to ensure that the implementation covers the essential ISMS control requirements. It is important to emphasize that this guide does not cover the implementation or auditing of the ISMS process requirements that are covered in Guidelines on Requirements and Preparations for ISMS Certification based on ISO/IEC 27001. This is also discussed in more detail in the section “Meeting ISO/IEC 27001 requirements”.

Contents of the guide to measuring the effectiveness of ISMS implementations based on ISO/IEC 27001 include:

  • Scope of this guide
  • Field of application
  • Usage
  • Compliance
  • Meeting ISO/IEC 27001 requirements
  • Implementing and auditing ISMS control objectives and controls
  • Security policy
  • Information security policy
  • Organization of information security
  • Internal organization
  • Security of third-party access
  • Asset management
  • Responsibility for assets
  • Information classification
  • Human resources security
  • Prior to employment
  • During employment
  • Termination or change of employment
  • Physical and environmental security
  • Secure areas
  • Equipment security
  • Communications and operations management
  • Operational procedures and responsibilities
  • Third-party service delivery management
  • System planning and acceptance
  • Protection against malicious and mobile code
  • Back-up
  • Network security management
  • Media handling
  • Exchange of information
  • Electronic commerce services
  • Monitoring
  • Access control
  • Business requirement for system access
  • User access management
  • User responsibilities
  • Network access control
  • Operating system access control
  • Application and information access control
  • Mobile computing and teleworking
  • Information systems acquisition, development and maintenance
  • Security requirements of information systems
  • Correct processing in applications
  • Cryptographic controls
  • Security of system files
  • Security in development and support processes
  • Technical vulnerability management
  • Information security incident management
  • Reporting information security events and weaknesses
  • Management of information security incidents and improvements
  • Business continuity management
  • Information security aspects of business continuity management
  • Compliance with legal requirements
  • Compliance with security policies and standards, and technical compliance
  • Information systems audit considerations

About the authors

Edward Humphreys (Chartered Fellow of the BCS CITP, CISM) is Director of XiSEC Consultants Ltd, a UK company providing information security management and risk management consultancy services.

He has been an expert in this field for more than 35 years. During this time he has worked around the world for major international companies as well as the DTI, the European Commission and the OECD. Ted Humphreys is the editor of BS 7799 Part 1:1999, ISO/IEC 17799:2000, the 1999 and 2002 editions of BS 7799 Part 2 and EA 7/03 (the ISMS accreditation guidelines), and is the Chair of the ISO group responsible for these ISMS standards. He is the founder of the ISMS International User Group and in 2002 was honoured with the Secure Computing Lifetime Achievement Award as the internationally acknowledged author of these ISMS standards and for his noteworthy achievements in shaping the development of information security management best practice.

Dr Angelika Plate has been working as an expert in the area of information security for more than 10 years, including with the German Information Security Agency (1993 – 1998) and now runs the German-based information security consulting company ÆXIS Security Consultants. Angelika Plate is directly involved in ISO activities, and was the editor of two international standards dealing with risk assessment, control selection and risk management. She is also the editor of the revised version of ISO/IEC 7799, which has now been published. Prior to that, she was involved in the revisions of BS 7799 Parts 1 and 2 in the UK and has been supporting and contributing to the development of ISO/IEC 27001. She is also working as technical support for UKAS assessors and is chairing the ISMS IUG Germany, which she founded in 2002.


Titles in this Information Security Management Systems Guidance Series include:

  • Guidelines on requirements and preparation for ISMS certification based on ISO/IEC 27001
  • Are you ready for an ISMS audit based on ISO/IEC 27001?
  • Guide to the implementation and auditing of ISMS controls based on ISO/IEC 27001
  • Measuring the effectiveness of your ISMS implementations based on ISO/IEC 27001

Standard Number: BIP 0074:2006
Title: Measuring the effectiveness of your ISMS implementations based on ISO/IEC 27001
Publication Date: 01 June 2005
Descriptors: Data security, Quality auditing, Data processing, Computers, Management, Data storage protection, Certification (approval), Measurement
Subject: IT and Information Management: Information Security
ISBN: 0 580 46015 0
File Size: 929.5 KB
