Abstract:
It is commonly accepted that you cannot improve what you cannot measure. This concept applies to almost every department of an organization (financial, production, human resources, quality, etc.). However, in many organizations the information systems area, and more concretely the information security area, bases its decisions not on quantifiable, measurable, comparable and contrastable data, but on the experience of its managers. It is essential for an organization to put indicators in place that provide information on the effectiveness of its information security controls, so that problems can be detected as soon as possible.
Keywords:
information management; security of data; information security area; information security control; information security management metrics development; information system area; Environmental management; Humans; ISO standards; Information management; Information security; Management information systems; Production; Proportional control; Risk management; Standards organizations;