Interdependency indicator -
ISO IEC 27002 control name EXAMPLE OF IMPLEMENTATION
Event logging
Control ID:
12.4.1
Domain:
12Operations Security
Subdomain:
12.4Logging and monitoring

Event logs recording user activities, exceptions, faults and information security events should be produced, kept and regularly reviewed.

Review the logs of relevant systems and measure the mean downlime (time period between system down to system up).
Monitoring and review of supplier services
Control ID:
15.2.1
Domain:
15Supplier Relationships
Subdomain:
15.2Supplier service delivery management

Organisations should regularly monitor, review and audit supplier service delivery.

Review information on incidents received from the suppliers. Measure the downtime imposed on the organzations services from the supplier's incident per type of incident and service.
Learning from information security incidents
Control ID:
16.1.6
Domain:
16Information Security Incident Management
Subdomain:
16.1Management of information security incidents and improvements

Knowledge gained from analysing and resolving information security incidents should be used to reduce the likelihood or impact of future incidents.

Measure the types, volumes and costs in terms of down time of information security incidents.
Collection of evidence
Control ID:
16.1.7
Domain:
16Information Security Incident Management
Subdomain:
16.1Management of information security incidents and improvements

The organisation should define and apply procedures for the identification, collection, acquisition and preservation of information, which can serve as evidence.

Review existing legislation regarding collection of evidence and measure the amount of time that the system needs to be availabel for the collection of evidence by the relevant authorities.
Assessment of and decision on information secuirty events
Control ID:
16.1.4
Domain:
16Information Security Incident Management
Subdomain:
16.1Management of information security incidents and improvements

Information security events should be assessed and it should be decided if they are to be classified as information security incidents.

Review the documented information security incidents and measure the amount of time needed before reaching a decision per incident type and service.
Response to information security incidents
Control ID:
16.1.5
Domain:
16Information Security Incident Management
Subdomain:
16.1Management of information security incidents and improvements

Information security incidents should be responded to in accordance with the documented procedures.

Review the documented information security incidents and measure the amount of time the service was dirupted per type of incident and service.
Reporting information security events
Control ID:
16.1.2
Domain:
16Information Security Incident Management
Subdomain:
16.1Management of information security incidents and improvements

Information security events should be reported through appropriate management channels as quickly as possible.

Review documented information security incident reports and measure the mean downtime per service per type of incident.
Reporting information security weaknesses
Control ID:
16.1.3
Domain:
16Information Security Incident Management
Subdomain:
16.1Management of information security incidents and improvements

Employees and contractors using the organisation’s information systems and services should be required to note and report any observed or suspected information security weaknesses in systems or services.

Review the documented information security weaknesses that are still unresolved and estimate the impact to the downtime per system from them.
Responsibilites and procedures
Control ID:
16.1.1
Domain:
16Information Security Incident Management
Subdomain:
16.1Management of information security incidents and improvements

Management responsibilities and procedures should be established to ensure a quick, effective and orderly response to information security incidents.

Measure the estimated time for the implementation of the incident response procedures.
Verify, review and evaluate information security continuity
Control ID:
17.1.3
Domain:
17Information Security Aspects of Business Continuity Management
Subdomain:
17.1Information security continuity

The organisation should verify the established and implemented information security continuity controls at regular intervals in order to ensure that they are valid and effective during adverse situations.

Review the information continuity test reports and extract the mean downtime achieved for scenario implemented per service.
Planning information security continuity
Control ID:
17.1.1
Domain:
17Information Security Aspects of Business Continuity Management
Subdomain:
17.1Information security continuity

The organisation should determine its requirements for information security and the continuity of information security management in adverse situations, e.g. during a crisis or disaster.

Review the information continuity plans and count the percentage of systems that have identified alternative paths of implementation.

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information