ISO 27004 is an international standard that provides guidelines for measuring information security. It’s part of the ISO 27000 series of standards, which provide guidelines and best practices for information security management. ISO 27004 focuses specifically on the measurement of information security performance and effectiveness.
It provides guidance on selecting appropriate metrics and indicators to measure the performance of an organization's information security management system (ISMS) and how to use this information to improve the ISMS. The standard is intended to help organizations evaluate the effectiveness of their information security efforts and make informed decisions about how to allocate their resources for maximum benefit.