What is it?
BS ISO/IEC 27004 provides guidance on how to assess the performance of an Information Security Management System (ISMS) developed and implemented using BS ISO/IEC 27001. It explains how to develop and operate measurement processes, and how to assess and report the results of the associated measurement constructs.
Assessment and improvement of both processes and controls are an integral part of any management system. BS ISO/IEC 27004 shows how the effectiveness of an ISMS built using ISO/IEC 27001 can be monitored and assessed.
How does it work?
BS ISO/IEC 27004 shows how to construct an information security measurement programme, how to select what to measure, and how to operate the necessary measurement processes. It includes extensive examples of different types of measures and shows how the effectiveness of these measures can be assessed.
A successful measurement programme built using BS ISO/IEC 27004 will meet the performance monitoring requirements set out in BS ISO/IEC 27001.
Who should buy it?
Anyone who is planning to build an ISMS based on BS ISO/IEC 27001 needs BS ISO/IEC 27004 as well. It is an essential supporting standard for ISMS implementation.
It will be useful for anyone needing insight into the practical aspects of building an ISO/IEC 27001 ISMS.