Original page: http://riskmanagementinsight.com/riskanalysis/?p=525
KPIs for ISO 27001? Do Such Things Exist?
2008-12-02 13:48:41 by Alex in RiskAnalys.is
 

On Gary Hinson’s excellent ISO 27001 Google Group, the following question was just posed:

Dear Implementers:
What could be the KPIs by which I, being Management Representative,
can show complete picture in a compiled brief/short report? Your
response would be highly awaited.

Which I think is a great question! Talk about no-nonsense. None of this “high-falutin” nonsense about ISO adoption providing ‘peace of mind’ and ‘common language’ or ‘strategic currency’. No, this is straight from the hip: tell me right now how I can communicate the value of an ISO implementation to non-security management.

I’m not sure I’ve got a good answer. Do you? You guys (loyal, cool readers) are really bright, and many of you are CxSOs in your own organizations. Leave comments, and in our next post I’ll publish the best and brightest (as well as some of my own thoughts).

 
 
 
 
 
 