The Full Wiki



From Wikipedia, the free encyclopedia

ISO/IEC 27004:2009, part of a growing family of ISO/IEC ISMS standards, the 'ISO/IEC 27000 series', is an information security standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its full name is Information technology -- Security techniques -- Information security management -- Measurement.

The purpose of ISO/IEC 27004 is to help organizations measure, report and hence systematically improve the effectiveness of their Information Security Management Systems (ISMS).

The standard includes the following main sections:

  • Information security measurement overview;
  • Management responsibilities;
  • Measures and measurement development;
  • Measurement operation;
  • Data analysis and measurement results reporting;
  • Information Security Measurement Program evaluation and improvement.

Annex A provides a template with which to describe a measure, while Annex B offers some worked examples.

The standard was published on December 7, 2009.[1]

