M6.1 PERFORMANCE EVALUATION POLICY
OBJECTIVE
To maintain a performance evaluation policy outlining the approach to measure and evaluate the effectiveness of the information security of the entity.
PERFORMANCE INDICATOR
Percentage of successful performance measures applied
AUTOMATION GUIDANCE
Not applicable
RELEVANT THREATS AND VULNERABILITIES
- No performance evaluation
- Performance evaluation against wrong criteria
The following controls are applicable to this control family.
M6.1.1 - P3 - PERFORMANCE EVALUATION POLICY
M6.2 PERFORMANCE EVALUATION
OBJECTIVE
To ensure that information security performance is measured, analyzed and evaluated.
PERFORMANCE INDICATOR
Percentage of all those non-conformities that have been detected and not resolved within the time frame planned.
AUTOMATION GUIDANCE
Not applicable
RELEVANT THREATS AND VULNERABILITIES
- Non-compliance with controls of this Standard
- Under-performance of information security controls in place
- Ineffective controls
The following controls are applicable to this control family.
M6.3 IMPROVEMENT
OBJECTIVE
To correct non-conformities with this Standard and to continually improve the information security program in place.
PERFORMANCE INDICATOR
Number of all non-conformities that have been detected and not resolved within the time frame planned
AUTOMATION GUIDANCE
Not applicable
RELEVANT THREATS AND VULNERABILITIES
- Non-compliance with the controls in this Standard
- Repeated incidents and inappropriate action in response to information security problems
- No improvements to information security
The following controls are applicable to this control family.