ISO/IEC 27004:2009 Information Security Management System (ISMS) Measurement Course

The course is based on ISO 27004 – ISMS Measurement. Information security measurement, also known as information security metrics, is an essential tool for effective ISMS development and management. The course will help you to understand the information security risks you face by implementing and operating an Information Security Measurement Programme.

The objective of this course is to provide delegates with the necessary skills for the development and use of measures and measurement methods in order to assess the effectiveness of an implemented information security management system (ISMS) and controls or groups of controls, as specified in ISO/IEC 27001. This includes policy, information security risk management, control objectives, controls, processes, procedures, etc. The course will provide delegates with a framework for measurement programme development and operation.

Who should attend?

  • Staff tasked with the implementation and management of an ISO/IEC 27001 information security management system
  • Information Security Managers
  • Information security consultants

What will I learn?

  • Information Security Measurement Programme
  • Management responsibilities
  • Measurement Function
  • Definition of measurement scope
  • Identification of information needed
  • Base measure and measurement method
  • Measure selection
  • Information security measurement model
  • Indicators and analytical model
  • Measurement results and decision criteria
  • Measurement implementation and documentation
  • Measurement procedure integration
  • Measurement operation
  • Measurement construct examples
  • Identification of evaluation criteria for the Information Security Measurement Programme
  • Monitor, review, and evaluate the Information Security Measurement Programme

What are the benefits?

Both the objective and result of the course will be to measure, report and systematically improve the effectiveness of your Information Security Management Systems (ISMS) under the expert tutelage and guidance of a BSI tutor. Take the knowledge and skills imparted during this exercise and use them to improve and protect your business.

Further information

Participants who successfully complete the course will be issued a certificate by BSI.


The course is designed for people who have a good understanding of ISO/IEC 27001 and ISO 17799 (recently renamed ISO 27002) information security management systems. Attendance of the ISO/IEC 27001 Information Security implementation or Lead Implementer course, or the ISO/IEC 27001 lead auditor course, is recommended.

Call our training team now on

+ 971 4 336 4917