ISO/IEC 27004 Information Technology – Security techniques – Information Security Management – Measurement. It is part of a family of standards of information security management system (ISMS), which is a systematic approach to securing sensitive information, of ISO/IEC. It provides standards for a robust approach to managing information security (infosec) and building resilience. It was published on December 7, 2009 and revised in December 2016. It is currently not certifiable and is not translated into Spanish. This standard appears in ISO/IEC 27000-series (more information can be found in ISO/IEC 27000). The ISO/IEC 27004 standard provides guidelines intended to assist organizations to evaluate the performance of information security and the efficiency of a management system in order to meet the requirements of the ISO/IEC 27001.

What does the standard establish?

This standard establishes: This standard is applicable to all types of organizations regardless of size.

Terms and structure

The terms and definitions given in this standard are defined within the standard ISO/IEC 27000. The ISO/IEC 27004 standard is structured as follows: In addition to that, it has 3 annexes (A, B, C):