Skip to Main Content
Learn for Less – Enhance your auditing expertise today. Certify with confidence and save 25%. Find out more
ISO/IEC 27004 2016 Standard

ISO/IEC 27004 2016 Standard

SKU: 2857
Format: PDF
Published: 01 Dec 2016
Availability: In Stock

ISO/IEC 27004:2016 - Information Technology - Security techniques - information security management - measurement Standard.

ISO/IEC 27004:2016 provides guidance to help organisations evaluate the performance and effectiveness of an implemented ISMS (information security management system), as mandated in section 9.1 of ISO/IEC 27001:2013.

Buy now, pay later! Enjoy the benefits of paying by purchase order with an IT Governance corporate account. Apply online today or call our service centre team on +44 (0)333 800 7000.

Options:
Price: £176.00
Description

The ISO/IEC 27004 2019 Standard

The results of monitoring and measurement can support decisions relating to ISMS governance, management, operational effectiveness and continual improvement.

In order to be considered valid under ISO 27001, the methods chosen for monitoring, measurement, analysis and evaluation “should produce comparable and reproducible results”.

Accordingly, ISO 27004 sets out guidelines for:

  • The monitoring and measurement of information security performance.
  • The monitoring and measurement of the effectiveness of an ISMS, including its processes and controls.
  • The analysis and evaluation of the results of monitoring and measurement.

ISO/IEC 27004:2016 cancels and replaces ISO/IEC 27004:2009, which has been technically revised.


How ISO 27004:2016 differs from ISO 27004:2009

The Standard has been totally restructured to reflect its new purpose providing guidance on section 9.1 of ISO/IEC 27001:2013, which did not exist when ISO 27004:2009 was published.

The concepts and processes have been modified and expanded. However, the theoretical foundation (ISO/IEC 15939) remains the same and several of the examples given in the previous edition have been preserved, albeit updated.

There are now three annexes:

  • Annex A is an information security measurement model.
  • Annex B provides 37 measurement construct examples.
  • Annex C sets out an example of free-text form measurement construction.

ISO 27004 is applicable to all types and sizes of organisation but, as with other ISO/IEC 27000-series standards, it should be used according to each organisation’s specific situation.


Multi-user licences

If you are interested in purchasing a multi-user licence for this standard, please get in touch with us to discuss your requirements. You will receive a watermarked PDF which you will be able to store on an internal network, with access restricted to the predefined number of simultaneous users. Purchasing a multiuser licence grants you permission to print copies of the standard, up to the specified number of users.

Customer Reviews

LEARN
FOR LESS
SAVE 25%
Loading...