ISO/IEC 27035-1: (Draft) Principles of Incident Management.
Part 1 outlines the concepts and principles underpinning information security incident management and introduces the remaining two parts, ISO/IEC 27035-2 and ISO/IEC 27035-3. It describes an information security incident management process consisting of five phases, and provides guidance on how to improve incident management:
- Plan and prepare: establish an information security incident management policy, form an Incident Response Team, etc.;
- Detection and reporting: someone has to spot and report "events" that might be or turn into incidents;
- Assessment and decision: someone must assess the situation to determine whether it is in fact an incident;
- Responses: contain, eradicate, recover from and forensically analyze the incident, where appropriate;
- Lessons learned: make systematic improvements to the organization's management of information security risks as a consequence of incidents experienced.
Related: ISO/IEC 27035:2011 Information technology — Security techniques — Information security incident management (full text).