Introduction To ISO 27004 (ISO27004)
Published in December 2009, ISO 27004 provides guidance on the development and use of measures and measurement for the assessment of the effectiveness of an implemented information security management system and controls, as specified in ISO 27001. The appendix of the document also suggests metrics which were selected to align with ISO 27002.
It is intended to help an organization establish the effectiveness of its ISMS implementation, embracing benchmarking and performance targeting within the PDCA cycle.
Formal Title: "Information technology - Security techniques - Information security management - Measurement"
ISO 27004 is applicable to all types and sizes of organization..