The Standards:

Introduction To ISO 27004 (ISO27004)

Published in December 2009, ISO 27004 provides guidance on the development and use of measures and measurement for the assessment of the effectiveness of an implemented information security management system and controls, as specified in ISO 27001. The appendix of the document also suggests metrics which were selected to align with ISO 27002.

It is intended to help an organization establish the effectiveness of its ISMS implementation, embracing benchmarking and performance targeting within the PDCA cycle.

Formal Title: "Information technology - Security techniques - Information security management - Measurement"

ADDITIONAL INFORMATION

ISO 27004 is applicable to all types and sizes of organization..

Buying Standards

For sources of these standards and related products, please visit our Standards Download Page

This will be updated with new sources on an ongoing basis.

About Standards

How are standards developed? Who develops them? Why have them?

Our Background Section attempts to answer these and other common questions.

Other Standards

The 27000 series has informal relationships with a number of other standards.

Our Other Standards Section identifies some of these and provides a brief definition of each.

ISO27004 and ISO 27004 Measurement and Metrics