Security Policy: Difference between revisions
Jump to navigation
Jump to search
| Line 274: | Line 274: | ||
The organization shall determine: | The organization shall determine: | ||
:1. what needs to be monitored and measured, including information security processes and controls; | :1. what needs to be monitored and measured, including information security processes and controls; | ||
:2. the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results; | :2. the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results; | ||
| Line 280: | Line 279: | ||
:3. when the monitoring and measuring shall be performed; | :3. when the monitoring and measuring shall be performed; | ||
:4. who shall monitor and measure; | :4. who shall monitor and measure; | ||
:5. when the results from monitoring and measurement shall be analysed and evaluated; and | :5. when the results from monitoring and measurement shall be analysed and evaluated; and | ||
:6. who shall analyse and evaluate these results. | :6. who shall analyse and evaluate these results. | ||