Citation

ISO/IEC 27035-1: (Draft) Principles of Incident Management.

Overview

Part 1 outlines the concepts and principles underpinning information security incident management and introduces the remaining two parts, ISO/IEC 27035-2 and ISO/IEC 27035-3. It describes an information security incident management process consisting of five phases and provides information on how to improve incident management.

  • Plan and prepare: Establish an information security incident management policy, form an Incident Response Team, etc.;
  • Detection and reporting: Someone has to spot and report “events” that might be or turn into incidents;
  • Assessment and decision: Someone must assess the situation to determine whether it is in fact an incident;
  • Responses: Contain, eradicate, recover from and forensically analyze the incident, where appropriate;
  • Lessons learned: Make systematic improvements to the organization’s management of information security risks as a consequence of incidents experienced.

Annexes give examples of information security incidents and cross-references to the eForensics and ISO/IEC 27001 standards.

Source

  • ISO/IEC 27035:2011 Information technology — Security techniques — Information security incident management (full-text).
