Розробка пропозицій щодо кількісного оцінювання рівня реалізації вимог стандарту ISO/IEC 27001:2022

Abstract

In the modern world, information security is a key aspect for companies, confirmed by the implementation of information security management systems. The audit of these systems is an integral stage. ISO/IEC 27001 and other standards provide certain frameworks for this procedure. However, most standards are declarative or imperative in nature and do not contain specific proposals for assessing the audit results. This work proposes an approach to the quantitative assessment of the implementation of the ISO/IEC 27001:2022 standard by decomposition the audit into specific criteria. For a clear display of the adoption rate of a certain criterion, a fan chart was used, where the levels of implementation of each subprocesses was indicated.