Scribd Logo
Upload

Welcome to Scribd!

  • Measurable Objectives

    Uploaded by

    vidya
    11 views16 pages
    This document outlines measurable objectives and metrics for an Information Security Management System (ISMS) at Terrier. It includes 7 objectives such as establishing an effective ISMS and performing risk assessments. For each objective, it identifies metrics to measure performance, targets, input sources, and review responsibilities. Metrics include things like number of user IDs disabled for employees who left and compliance with logical access rights. Performance is tracked monthly and reviewed semi-annually at management review meetings.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    XLS, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document outlines measurable objectives and metrics for an Information Security Management System (ISMS) at Terrier. It includes 7 objectives such as establishing an effective ISMS and performing risk assessments. For each objective, it identifies metrics to measure performance, targets, input sources, and review responsibilities. Metrics include things like number of user IDs disabled for employees who left and compliance with logical access rights. Performance is tracked monthly and reviewed semi-annually at management review meetings.

    Copyright:

    © All Rights Reserved
    Download as XLS, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    11 views16 pages

    Measurable Objectives

    Uploaded by

    vidya
    This document outlines measurable objectives and metrics for an Information Security Management System (ISMS) at Terrier. It includes 7 objectives such as establishing an effective ISMS and performing risk assessments. For each objective, it identifies metrics to measure performance, targets, input sources, and review responsibilities. Metrics include things like number of user IDs disabled for employees who left and compliance with logical access rights. Performance is tracked monthly and reviewed semi-annually at management review meetings.

    Copyright:

    © All Rights Reserved
    Download as XLS, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 16

    Title ISMS Measurable Objectivs

    Document Number ID-MO-09


    Classification Internal

    Document History
    Ver # Date Author
    1.0 10/8/2015 Esecurity Audit
    Femi
    2.0 8/3/2016
    Manish Saha
    2.0 6/16/2017
    Manish Saha
    2.1 1/30/2019
    t History
    Reviewer Approvers Description
    MR MD Initial version
    MR MD Reviewed no changes
    made
    MR MD Reviewed no changes
    made
    CISO MD Reviewed and
    Updated to Q-Terrier
    Measurable Ob
    Sl.No Objectives Department/Projects Area/Controls
    1 Establish and maintain an effective Information Security All Departments / Projects Logical Access rights
    Management System.
    All Departments / Projects Physical Access rights

    2 Perform periodic information security risk assessments. All Departments / Projects Risk Assessment

    3 Comply with the legal, regulatory and contractual information All Departments / Projects Compliance
    security requirements.

    4 Create a security conscious culture within Terrier All Departments / Projects Awareness

    5 Continually monitor and improve the effectiveness of the All Departments / Projects Asset Classification
    Information Security Management System.

    6 Avability of Network IT NETWORK

    7 Capacity planning IT IT OPERATIONS


    Measurable Objectives
    Metrics Target Source of Input Frequency
    No of Employee User ID's Disabled /No of Employees Left the 100% Exit Form/Help Desk Ticket Half Yearly
    Organization
    No of Employees Physical Access Disabled /No of Employees 100% Exit Form/Help Desk Ticket Half Yearly
    Left the Organization
    No. of Risk assessment conducted/ total no of risk assessment 100% Risk Assessment Reports Yearly
    planned
    No of Contractual/Regulator Requirements Implemented as per 100% Compliance Tracker Half Yearly
    customer contractual requirements/No of
    Contractual/Regulator Requirements Identified as per the
    customer contractual requirements.

    Information security awareness training for new joinees / No of 100% HR Training Records Half Yearly
    new joinees
    No of Functional/Project groups following Information 100% Audit Reports Half Yearly
    Classification Policy/No of Functional/Project Groups Exist

    100% uptime of Network 95% Incident Tracker Half Yearly

    Review and updation of capacity plan to be conducted annualy 100% capacity Management report Yearly
    Responsibility Review Forum
    IT MRM

    INVESTIGATION DEPT MRM

    MR MRM

    MR/INVESTIGATION DEPT MRM

    MR MRM

    MR MRM

    IT MRM

    IT MRM
    Back to Metric sheet

    Metrics \ No of Employee User No of Employees Left Logical Access


    Measurement ID's Disabled the Organization compliance
    Aug-13 2 2 100%
    Sep-13 0 0 100%
    Mar-14 0 0 100%
    Jun-14 0 0 100%
    Jul-14 0 0 100%
    Nov-14 0 0 100%
    Jan-15 1 1 100%
    Feb-15 0 0 100%
    Mar-15 0 0 100%
    May-15 0 0 100%
    Jun-15 0 0 100%
    Jul-15 0 0 100%
    Aug-15 0 0 100%
    Sep-15 0 0 100%
    Oct-15 0 0 100%
    Nov-15 2 2 100%
    Dec-15 0 0 100%
    Jan-16 0 0 100%
    Feb-16 0 0 100%
    Mar-16 0 0 100%
    Apr-16 0 0 100%
    May-16 0 0 100%
    Jun-16 0 0 100%
    Jul-16 0 0 100%
    Aug-16 0 0 100%
    Sep-16 0 0 100%
    Oct-16 0 0 100%
    Nov-16 0 0 100%
    Dec-16 0 0 100%
    Jan-17 0 0 100%
    Feb-17 0 0 100%
    Mar-17 0 0 100%
    Apr-17 1 1 100%
    May-17 0 0 100%
    Jun-17 1 1 100%
    Jul-17 4 4 100%
    Aug-17 3 3 100%
    Sep-17 6 6 100%
    Oct-17 2 2 100%
    Nov-17 1 1 100%
    Dec-17 11 11 100%
    Jan-18 4 4 100%
    Feb-18 6 6 100%
    Mar-18 4 4 100%
    Apr-18 3 3 100%
    May-18 17 17 100%
    Jun-18 8 8 100%
    Jul-18 12 12 100%
    Aug-18 14 14 100%
    Sep-18 16 16 100%
    Oct-18 3 3 100%
    Nov-18 13 13 100%
    Dec-18 13 13 100%
    Jan-19 7 7 100%
    Feb-19
    Back to Metric sheet

    No of Employees
    Metrics \ Physical Access No of Employees Left Physical Access
    Measurement Disabled the Organization compliance
    Aug-13 2 2 100%
    Sep-13 0 0 100%
    Mar-14 0 0 100%
    Jun-14 0 0 100%
    Jul-14 0 0 100%
    Nov-14 0 0 100%
    Jan-15 1 1 100%
    Feb-15 0 0 100%
    Mar-15 0 0 100%
    May-15 0 0 100%
    Jun-15 0 0 100%
    Jul-15 0 0 100%
    Aug-15 0 0 100%
    Sep-15 0 0 100%
    Oct-15 0 0 100%
    Nov-15 2 2 100%
    Dec-15 0 0 100%
    Jan-16 0 0 100%
    Feb-16 0 0 100%
    Mar-16 0 0 100%
    Apr-16 0 0 100%
    May-16 0 0 100%
    Jun-16 0 0 100%
    Jul-16 0 0 100%
    Aug-16 0 0 100%
    Sep-16 0 0 100%
    Oct-16 0 0 100%
    Nov-16 0 0 100%
    Dec-16 0 0 100%
    Jan-17 0 0 100%
    Feb-17 0 0 100%
    Mar-17 0 0 100%
    Apr-17 1 1 100%
    May-17 0 0 100%
    Jun-17 1 1 100%
    Jul-17 4 4 100%
    Aug-17 3 3 100%
    Sep-17 6 6 100%
    Oct-17 2 2 100%
    Nov-17 1 1 100%
    Dec-17 11 11 100%
    Jan-18 4 4 100%
    Feb-18 6 6 100%
    Mar-18 4 4 100%
    Apr-18 3 3 100%
    May-18 17 17 100%
    Jun-18 8 8 100%
    Jul-18 12 12 100%
    Aug-18 14 14 100%
    Sep-18 16 16 100%
    Oct-18 3 3 100%
    Nov-18 13 13 100%
    Dec-18 13 13 100%
    Jan-19 7 7 100%
    Feb-19
    Back to Metric sheet

    No. of Risk
    Metrics \ assessment total no of risk Risk Assessment
    Measurement conducted assessment planned compliance
    Aug-15 1 1 100%
    Aug-16 1 1 100%
    Jun-17 1 1 100%
    Jun-18 1 1 100%
    Jan-19 1 1 100%
    0%
    0%
    0%
    0%
    0%
    0%
    0%
    0%
    Back to Metric sheet

    No of No of
    Contractual/Regulator Contractual/Regulator
    Requirements Requirements
    Implemented as per Identified as per the
    Metrics \ customer contractual customer contractual
    Measurement requirements requirements. Compliance
    Jan-15 1 1 100%
    Jan-16 1 1 100%
    Jun-17 1 1 100%
    0%
    0%
    0%
    0%
    0%
    0%
    0%
    0%
    0%
    0%
    Back to Metric sheet

    Information security
    Metrics \ awareness training for Awareness
    Measurement new joinees No of new joinees compliance
    Jan-15 1 1 100%
    Feb-15 0 0 100%
    Mar-15 0 0 100%
    Apr-15 1 1 100%
    May-15 0 0 100%
    Jun-15 0 0 100%
    Jul-15 0 0 100%
    Aug-15 0 0 100%
    Sep-15 1 1 100%
    Oct-15 0 0 100%
    Nov-15 0 0 100%
    Dec-15 0 0 100%
    Jan-16 0 0 100%
    Feb-16 0 0 100%
    Mar-16 0 0 100%
    Apr-16 0 0 100%
    May-16 0 0 100%
    Jun-16 0 0 100%
    Jul-16 0 0 100%
    Aug-16 0 0 100%
    Sep-16 0 0 100%
    Oct-16 0 0 100%
    Nov-16 0 0 100%
    Dec-16 0 0 100%
    Jan-17 0 0 100%
    Feb-17 0 0 100%
    Mar-17 1 1 100%
    Apr-17 1 1 100%
    May-17 0 0 100%
    Jun-17 1 1 100%
    Jul-17 5 5 100%
    Aug-17 5 5 100%
    Sep-17 3 3 100%
    Oct-17 9 9 100%
    Nov-17 7 7 100%
    Dec-17 7 7 100%
    Jan-18 13 13 100%
    Feb-18 2 2 100%
    Mar-18 5 5 100%
    Apr-18 3 3 100%
    May-18 9 9 100%
    Jun-18 14 14 100%
    Jul-18 27 27 100%
    Aug-18 24 24 100%
    Sep-18 18 18 100%
    Oct-18 20 20 100%
    Nov-18 6 6 100%
    Dec-18 13 13 100%
    Jan-19 13 13 100%
    Feb-19 9 9 100%
    Back to Metric sheet

    No of
    Functional/Project
    groups following No of
    Metrics \ Information Functional/Project Asset classification
    Measurement Classification Policy Groups Exist compliance
    Jan-15 6 6 100%
    Jun-15 6 6 100%
    Dec-15 6 6 100%
    Jun-16 6 6 100%
    Sep-16 6 6 100%
    Jun-17 6 6 100%
    Dec-17 6 6 100%
    Jun-18 6 6 100%
    Jan-19 13 13 100%
    0%
    0%
    0%
    0%
    Back to Metric sheet

    Metrics \ NO OF times ISP NO OF Network


    Measurement WAS DOWN INCIDENT Compliance
    (Half Yearly) WRT ISP

    Aug-13 0 0 100%
    Feb-14 0 0 100%
    Aug-14 0 0 100%
    Feb-15 0 0 100%
    Aug-15 0 0 100%
    Feb-16 0 0 100%
    Aug-16 1 1 100%
    Jun-17 0 0 100%
    Back to Metric sheet

    Metrics \ NO of review NO of review Compliance


    Measurement and up dation and up dation
    of capacity plan of capacity
    scheduled plan
    annually conducted
    Apr-15 1 1 100%
    Apr-16 1 1 100%
    Jun-17 1 1 100%
    Jun-18 1 1 100%
    Jan-19 1 1 100%

    You might also like