Report on the percentage of key organizational functions for which an assurance strategy is implemented.


CONTROL ID: 01658
CONTROL TYPE: Actionable Reports or Measurements
CLASSIFICATION: Detective

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain risk management metrics. (CC ID: 01656)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The purpose of this measurement is to measure the percentage of key organizational functions for which a comprehensive strategy has been implemented to mitigate information security risks as necessary and to maintain these risks within acceptable thresholds. (§ 18.1, IIA Global Technology Audit Guide (GTAG) 1: Information Technology Controls)
  • The organization must measure and report on the percentage of key organizational functions for which a comprehensive strategy has been implemented to mitigate information security risks as necessary and to maintain these risks within acceptable thresholds. (ISPE1.2, CISWG Information Security Program Elements, 10-Jan-05)
  • Ultimately, all organization efforts must support overall organization goals and objectives, which are defined and reassessed annually during organization strategic planning activities. To demonstrate the importance of information security to accomplishing an organization mission, it must be explici… (§ 4.1, § 5.1, Guide for Developing Performance Metrics for Information Security, NIST SP 800-80)