Interdependencies between essential and important entities

Interdependency indicator -
Cooperation Group description EXAMPLE OF IMPLEMENTATION
Information system security policy
No.:
1.1.2
Domain:
Information system security policy
• Review the information security incidents and the relevant event logs. Count the number of times per system that an indicative log entry is missing.
• Review information security incident reports focusing on the root cause of the incident. Count the number of vulnerabilities that caused an incident and were not identified during the management of technical vulnerabilities.
Information system security indicators
No.:
1.1.4
Domain:
Information system security indicators
• Review the information security incidents and the collected evidence related to administrator and operator logs. Count the number of times per system that an indicative log entry is missing.
IT security maintenance procedure
No.:
2.4.1
Domain:
IT security maintenance procedure
• Compare the time stamp of all critical components to a reliable and reputable time source. Count the number of deviations.
• Review the change requests and relevant documentation and measure the mean amount of time needed for a change to be performed in a system, per system.
• Review the test reports of applications after operating platform changes. Measure the mean amount of time needed to perform the test and fix possible subsequent problems per system.
• Review existing software components and compare their version to the latest available. Count the number of systems currently not up-to-date.
Logging
No.:
3.1.2
Domain:
Logging
• Count the time elapsed between a major change or incident and the review of the relevant information security policies.
Information system security incident response
No.:
3.2.1
Domain:
Information system security incident response
• Review information security incident reports and measure the mean amount of time needed to reach a decision per system / service.
• Review information security incident reports and measure the mean amount of time needed for the response to security incidents per system and service.
• Review the types, volumes and costs of information security incidents. Identify the number of controls implemented that change some aspect of similar future incidents.
• Measure the mean amount of time for the collection of evidence.
