The IT Law Wiki

ISO/IEC 27035-1



Citation

ISO/IEC 27035-1: (Draft) Principles of Incident Management.

Overview

Part 1 outlines the concepts and principles underpinning information security incident management and introduces the remaining two parts (ISO/IEC 27035-2 and ISO/IEC 27035-3). It describes an information security incident management process consisting of five phases, and provides information on how to improve incident management.

  • Plan and prepare: Establish an information security incident management policy, form an Incident Response Team, etc.;
  • Detection and reporting: Someone has to spot and report “events” that might be or turn into incidents;
  • Assessment and decision: Someone must assess the situation to determine whether it is in fact an incident;
  • Responses: Contain, eradicate, recover from and forensically analyze the incident, where appropriate;
  • Lessons learned: Make systematic improvements to the organization’s management of information security risks as a consequence of incidents experienced.

Annexes give examples of information security incidents and cross-references to the eForensics and ISO/IEC 27001 standards.

Source

  • ISO/IEC 27035:2011 Information technology — Security techniques — Information security incident management (full-text).
