Is my ISMS working?

So we now understand where our risk is from an information security perspective, we have created policies and procedures to support our organizational goals and best practice and we have educated our information system user base on these standards to support best practice.

Has this created the desired outcome? Are we more secure with our information?

Now the real hard work starts....

Without measures and metrics and continued diligence and redefinition the process and implementation will not be as successful - period. This work is very hard difficult but ultimately allows us to continually improve our system, understand where the opportunities are and effectiveness of the solutions we have implemented.




"What gets measured, gets managed" - Peter Drucker