Interdependency indicator -
ISO IEC 27002 control name EXAMPLE OF IMPLEMENTATION
Capacity management
Control ID:
12.1.3
Domain:
12Operations Security
Subdomain:
12.1Operational procedures and responsibliities

The use of resources should be monitored, tuned and projections made of future capacity requirements to ensure the required system performance.

Review the utilization of key system resources through the capacity management system of the organisation. Identify trends and measure the minimum and maximum value for each critical resource vs time.
Event logging
Control ID:
12.4.1
Domain:
12Operations Security
Subdomain:
12.4Logging and monitoring

Event logs recording user activities, exceptions, faults and information security events should be produced, kept and regularly reviewed.

Review the information security incidents and the relevant event logs. Count the number of times per system that an indicative log entry is missing.
Managing changes to supplier services
Control ID:
15.2.2
Domain:
15Supplier Relationships
Subdomain:
15.2Supplier service delivery management

Changes to the provision of services by suppliers, including maintaining and improving existing information security policies, procedures and controls, should be managed, taking account of the criticality of business information, systems and processes involved and re-assessment of risks.

Review the change requests related to suppliers. Count the number of change requests per period of time.
Monitoring and review of supplier services
Control ID:
15.2.1
Domain:
15Supplier Relationships
Subdomain:
15.2Supplier service delivery management

Organisations should regularly monitor, review and audit supplier service delivery.

Review the results of the evalutation of suppliers. Count the number of deviations per period of time.
Learning from information security incidents
Control ID:
16.1.6
Domain:
16Information Security Incident Management
Subdomain:
16.1Management of information security incidents and improvements

Knowledge gained from analysing and resolving information security incidents should be used to reduce the likelihood or impact of future incidents.

Review Incident Reports. Count the number of reported incidents per service per period of time.
Collection of evidence
Control ID:
16.1.7
Domain:
16Information Security Incident Management
Subdomain:
16.1Management of information security incidents and improvements

The organisation should define and apply procedures for the identification, collection, acquisition and preservation of information, which can serve as evidence.

Review Incident reports with focus on those that require the activation of the collection of evidence procedure. Count the number of activations of the procedure per period of time.
Availability of information processing facilities
Control ID:
17.2.1
Domain:
17Information Security Aspects of Business Continuity Management
Subdomain:
17.2Redundancies

Information processing facilities should be implemented with redundancy sufficient to meet availability requirements.

Review existing architecture. Count the number of redundant (unused) resources per period of time.
Verify, review and evaluate information security continuity
Control ID:
17.1.3
Domain:
17Information Security Aspects of Business Continuity Management
Subdomain:
17.1Information security continuity

The organisation should verify the established and implemented information security continuity controls at regular intervals in order to ensure that they are valid and effective during adverse situations.

Review the tests of business continuity and disaster recovery plans. Measure the time needed for the successful conclusion of the tests in different periods of time.
Implementing information security continuity
Control ID:
17.1.2
Domain:
17Information Security Aspects of Business Continuity Management
Subdomain:
17.1Information security continuity

The organisation should establish, document, implement and maintain processes, procedures and controls to ensure the required level of continuity for information security during an adverse situation.

Estimate the amount of personnel employed by the organisation per period of time, that have been informed regarding their role in the business continuity and disaster recover plans.
Planning information security continuity
Control ID:
17.1.1
Domain:
17Information Security Aspects of Business Continuity Management
Subdomain:
17.1Information security continuity

The organisation should determine its requirements for information security and the continuity of information security management in adverse situations, e.g. during a crisis or disaster.

Review the business continuity plans. Estimate the impact per period of time from a disruption to the service provision.

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information