Interdependency indicator -
ISO IEC 27002 control name EXAMPLE OF IMPLEMENTATION
Controls against malware
Control ID:
12.2.1
Domain:
12Operations Security
Subdomain:
12.2Protection from malware

Detection, prevention and recovery controls to protect against malware should be implemented, combined with appropriate user awareness.

Measure the mean recovery time of a service after a malware incident, by reviewing relevant past incidents.
Learning from information security incidents
Control ID:
16.1.6
Domain:
16Information Security Incident Management
Subdomain:
16.1Management of information security incidents and improvements

Knowledge gained from analysing and resolving information security incidents should be used to reduce the likelihood or impact of future incidents.

Measure the types, volumes and costs of information security incidents.
Collection of evidence
Control ID:
16.1.7
Domain:
16Information Security Incident Management
Subdomain:
16.1Management of information security incidents and improvements

The organisation should define and apply procedures for the identification, collection, acquisition and preservation of information, which can serve as evidence.

Calculate the amount of internal procedures dealing with evidence for the purposes of disciplinary and legal action.
Assessment of and decision on information secuirty events
Control ID:
16.1.4
Domain:
16Information Security Incident Management
Subdomain:
16.1Management of information security incidents and improvements

Information security events should be assessed and it should be decided if they are to be classified as information security incidents.

Measure the number of recorded information security incidents against the recorded information security events.
Response to information security incidents
Control ID:
16.1.5
Domain:
16Information Security Incident Management
Subdomain:
16.1Management of information security incidents and improvements

Information security incidents should be responded to in accordance with the documented procedures.

Measure the number of recorded information security events.
Reporting information security events
Control ID:
16.1.2
Domain:
16Information Security Incident Management
Subdomain:
16.1Management of information security incidents and improvements

Information security events should be reported through appropriate management channels as quickly as possible.

Measure the percentage of people (employees and contractors) that are fully aware of their responsibility to report information security events as quickly as possible and of the relevant point of contact.
Reporting information security weaknesses
Control ID:
16.1.3
Domain:
16Information Security Incident Management
Subdomain:
16.1Management of information security incidents and improvements

Employees and contractors using the organisation’s information systems and services should be required to note and report any observed or suspected information security weaknesses in systems or services.

Measure the amount of reported information security weaknesses.
Responsibilites and procedures
Control ID:
16.1.1
Domain:
16Information Security Incident Management
Subdomain:
16.1Management of information security incidents and improvements

Management responsibilities and procedures should be established to ensure a quick, effective and orderly response to information security incidents.

Compare the number of staff roles identified within the procedures regarding incident management against international standards (e.g. Table 2 — Example IRT staff positions of ISO 27035).
Availability of information processing facilities
Control ID:
17.2.1
Domain:
17Information Security Aspects of Business Continuity Management
Subdomain:
17.2Redundancies

Information processing facilities should be implemented with redundancy sufficient to meet availability requirements.

Measure the degree of implementation of the redundancies planned for by the organisation.
Verify, review and evaluate information security continuity
Control ID:
17.1.3
Domain:
17Information Security Aspects of Business Continuity Management
Subdomain:
17.1Information security continuity

The organisation should verify the established and implemented information security continuity controls at regular intervals in order to ensure that they are valid and effective during adverse situations.

Review the tests of the information security continuity plans and calculate the percentage of plans that had no pending issues or problems during testing.
Implementing information security continuity
Control ID:
17.1.2
Domain:
17Information Security Aspects of Business Continuity Management
Subdomain:
17.1Information security continuity

The organisation should establish, document, implement and maintain processes, procedures and controls to ensure the required level of continuity for information security during an adverse situation.

Measure the degree of implementation of the information continuity plans of the organisation.
Planning information security continuity
Control ID:
17.1.1
Domain:
17Information Security Aspects of Business Continuity Management
Subdomain:
17.1Information security continuity

The organisation should determine its requirements for information security and the continuity of information security management in adverse situations, e.g. during a crisis or disaster.

Measure the number of risks covered by the organisation's information security continuity plans.

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information