Information Security Indicators

Introduction

The threat from cyber attacks is growing and represents a significant risk to industry, which could include huge loss of intellectual property or of reputation.

Industry is focusing increasingly on security assurance. But a global reference framework is needed to provide a valid means of assessing an organization’s security status. The key issue is to define a full set of measurements – or security indicators – which would be shared widely.

This would enable organizations to assess themselves accurately and to benchmark their level of assurance and the effectiveness of their security measures. It could also lead to the emergence of commonly recognized and reliable statistics.

Our Role & Activities

Our Industry Specification Group on Information Security Indicators (ISG ISI) is producing specifications which together form a reliable and commonly-recognized reference model for the measurement of information security risks. We have started a phase 2 in April 2016 to develop new specifications.
ISI specifications are used increasingly in different EU countries, and are considered as unique in the standardization world filling a gap in the Cybersecurity field. They have been adopted officially by some Information Security Government Agencies.

Based on this strong basis (more than 100 large European companies and organizations using ISI today), feedback from users has been received and new specifications need to be produced. This concerns especially the design of a cybersecurity language to model threat intelligence information and enable detection tools interoperability (ISI-006), of comprehensive guidelines to build a secure SOC especially regarding the architecture aspects (ISI-007), of a whole SIEM approach which is truly integrated within an overall organization-wide and not only IT-oriented cyber defence (ISI-008).

Standards

The following is a list of the latest published ETSI standards on information security indicators.

A full list of related standards in the public domain is accessible via the ETSI standards search. Via this interface you can also subscribe for alerts on updates of ETSI standards.

For work in progress see the ETSI Work Programme on the Portal.

Standard No. Standard title.
GS ISI 005 Information Security Indicators (ISI); Guidelines for security event detection testing and assessment of detection effectiveness
GS ISI 002 Information Security Indicators (ISI); Event Model A security event classification model and taxonomy
GS ISI 001-1 Information Security Indicators (ISI); Indicators (INC); Part 1: A full set of operational indicators for organizations to use to benchmark their security posture
GS ISI 001-2 Information Security Indicators (ISI); Indicators (INC); Part 2: Guide to select operational indicators based on the full set given in part 1
GS ISI 003 Information Security Indicators (ISI); Key Performance Security Indicators (KPSI) to evaluate the maturity of security event detection
GS ISI 003 Information Security Indicators (ISI); Key Performance Security Indicators (KPSI) for the evaluation of maturity detection of security events
GS ISI 004 Information Security Indicators (ISI); Guidelines for event detection implementation
GS ISI 001-1 Information Security Indicators (ISI); Indicators (INC); Part 1: A full set of operational indicators for organizations to use to benchmark their security posture
GS ISI 001-2 Information Security Indicators (ISI); Indicators (INC); Part 2: Guide to select operational indicators based on the full set given in part 1
GS ISI 002 Information Security Indicators (ISI); Event Model A security event classification model and taxonomy