Monitoring, Measurement, Analysis and Evaluation

Time: 7 hours 52 minutes
Difficulty: Intermediate
CEU/CPE: 8
Video Transcription
00:02
Module 7
00:04
During this module we will cover Clause 9, Performance evaluation.
00:11
Lesson 7.1
00:13
Monitoring, measurement, analysis and evaluation.
00:20
During this lesson, we will cover the requirements regarding measurement and evaluation.
00:26
We'll also look at what needs to be established
00:30
and what the documented information for this clause would be.
00:40
So monitoring, measurement,
00:42
analysis and evaluation.
00:46
This is what Clause 9 is made up of,
00:49
and Clause 9 has three sub-clauses, being 9.1
00:53
monitoring, measurement, analysis and evaluation,
00:57
9.2 internal audits
01:00
and 9.3 management review.
01:03
These clauses are quite important with regards to instilling the ISMS culture of continual improvement.
01:10
You can only improve on something when you know how it is performing,
01:12
and that's what this clause is all about.
01:17
To ensure that you have an effective monitoring process in place, your organization must decide what it needs to monitor,
01:23
who will perform the monitoring and how,
01:26
how often monitoring will be done,
01:29
who will analyze and evaluate the results and when,
01:34
as well as the methods used to ensure that the results from these processes will be valid and reproducible.
01:42
Because of how intricate and involved this process can become,
01:45
there is a whole guidance document dedicated to it,
01:49
ISO 27004.
01:52
So if you feel stuck in this process,
01:55
have a look at this document.
01:57
We'll cover some of the basics.
01:59
To decide on the types of measurements, it is often easier to define the information need.
02:05
For example,
02:06
you want to know how many end-user devices have out-of-date virus signatures.
02:13
You can monitor and measure pretty much anything and everything,
02:15
so it helps to define what you will be monitoring.
02:20
It's even better if these monitoring activities are linked to the information security objectives and the ISMS processes,
02:28
so that the effectiveness and progress of these can be monitored and measured.
02:32
There are two main types of measurements that we can look at.
02:37
The first one is performance measurements.
02:39
These express the planned results in terms of the characteristics of the planned activities,
02:46
such as headcounts, milestone accomplishments,
02:49
or the degree to which information security controls have been put into place.
02:54
We then have effectiveness measurements.
02:58
These express the planned results in terms of the effect
03:01
that realization of the planned activities has on achieving the organization's information security objectives.
03:13
There are also two aspects of evaluation,
03:16
the first one being information security performance,
03:21
which determines how well processes within the ISMS are meeting their specifications.
03:27
We also then evaluate the effectiveness of the ISMS itself,
03:30
which includes determining the extent to which information security objectives are being achieved.
03:43
So what do we need to establish to ensure that we have appropriate monitoring, evaluation and analysis in place?
03:52
Your organization needs to make the decision around monitoring and should consider these three points:
03:58
what needs to be monitored,
04:00
who will be doing the monitoring and how often this needs to be done,
04:06
and what methods are going to be used for monitoring
04:10
to ensure that valid and repeatable results are produced.
04:15
Another point to consider
04:16
is that once these three factors have been determined,
04:19
the audience to which this information needs to be presented must also be established.
04:26
Will all of the monitoring information be pulled into one overall report and presented to the key ISMS stakeholders and interested parties,
04:34
or will a copy be made securely available?
04:38
Will there be evidence to show the auditors that this information has been communicated and acted upon?
04:45
There is a lot to consider within each of the ISO 27001 clauses,
04:50
but things can be kept simple in the beginning.
04:54
But as your ISMS grows and matures, there will invariably be more to look after and manage,
05:00
which shouldn't present an issue if the foundations you've implemented are solid.
05:13
So again,
05:15
9.1 is quite an important clause,
05:17
and having tangible evidence to show your auditors during your certification audit is pretty important.
05:24
These are just some examples of what can count as evidence in this regard.
05:29
Security metrics in various reports,
05:32
security metrics in various dashboards.
05:35
These can be dashboards on your existing security
05:39
technologies,
05:41
such as SIEM, IPS and so forth,
05:45
existing presentations where metrics and analysis thereof were presented to various stakeholders,
05:53
and proof that metrics are communicated and acted upon.
05:57
This can include emails,
05:59
memos,
06:00
attendance registers of meetings to discuss the metrics,
06:04
minutes of the above meetings detailing what was discussed, as well as the agreed-upon actions,
06:12
emails from management congratulating teams on good performance,
06:15
and any action plans that have arisen.
06:25
To recap,
06:27
in this lesson we covered the requirements pertaining to measurement and evaluation, or Clause 9.1.
06:34
We looked at what should be established to support monitoring efforts.
06:40
We also examined the required documentation to support this clause.