
Glossary definition: ISO/IEC 27004

ISO/IEC 27004: Monitoring, Measurement, Analysis and Evaluation of Information Security Management

ISO/IEC 27004 is an international standard published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) that gives guidance on measuring information security performance. It is a companion to ISO/IEC 27001: where 27001 requires an organization to monitor, measure, analyze and evaluate its Information Security Management System (ISMS) and the effectiveness of its controls (clause 9.1), 27004 explains how to do so. It is guidance, not a set of certifiable requirements, and it does not prescribe a fixed list of metrics. The standard defines security measurement as the process of collecting, analyzing and interpreting data to assess ISMS performance, and it describes a measurement model in which raw base measures (for example, the number of systems patched within the agreed window) are combined into derived measures and indicators that are compared against decision criteria. It offers guidance on selecting measures that are relevant to the organization's information security objectives and that can be collected repeatably, on building and operating a measurement program, and on interpreting and reporting results so that management can act on them. The intended outcome is that the measurement program feeds the ISMS improvement cycle: measures should answer a concrete question about whether a control or objective is being met, and a measure that no one uses to make a decision adds cost without improving security. ISO/IEC 27004 is therefore a useful tool for organizations that want evidence, rather than assertion, of how well their security management program is working.