UCF ID: 01686 |
Control Type: Actionable Reports or measurements |
Status: Live |
Metric guidance
Calculation: The calculation for this metric is # of position descriptions that define the information awareness roles for IT personnel / # of position descriptions for IT personnel.
Calculation source: No authority document source of information exists. The following formula was used: the number of IT position descriptions that contain their individual roles in relation to information awareness divided by the number of position descriptions that have been developed for IT personnel.
The Common Control IDs associated with this metric are as follows:
- • Establish and maintain job or position descriptions and ensure IT staff are aware of them. [UCF Control ID 00776]
Supporting and supported controls
This control directly supports:
- • Establish and maintain a security roles, responsibilities, and skills metrics standard. [UCF Control ID 01667]
There are no supporting controls.
Authority documents complied with:
CISWG Information Security Program Elements, January 10,2005, ISPE9.3b; IIA Global Technology Audit Guide (GTAG): Information Technology Controls, § 18.2
US Federal Security Guidance
The organization must measure and report on the percentage of position descriptions that define the information security roles, responsibilities, skills, and certifications for IT personnel. [ISPE9.3b, CISWG Information Security Program Elements, January 10,2005]
General Guidance
The purpose of this measurement is to measure the percentage of position descriptions that define the information security roles, responsibilities, skills, and certifications for IT personnel. [§ 18.2, IIA Global Technology Audit Guide (GTAG): Information Technology Controls]
Copyright 2005-2009 Unified Compliance Framework™. All rights reserved.