The IT Law Wiki

Citation

ISO/IEC 27035-1: (Draft) Principles of Incident Management.

Overview

Part 1 outlines the concepts and principles underpinning information security incident management and introduces the remaining two parts (ISO/IEC 27035-2 and ISO/IEC 27035-3). It describes an information security incident management process consisting of five phases, and provides information on how to improve incident management.

  • Plan and prepare: Establish an information security incident management policy, form an Incident Response Team, and so on;
  • Detection and reporting: Someone has to spot and report “events” that might be or turn into incidents;
  • Assessment and decision: Someone must assess the situation to determine whether it is in fact an incident;
  • Responses: Contain, eradicate, recover from and forensically analyze the incident, where appropriate;
  • Lessons learned: Make systematic improvements to the organization’s management of information security risks as a consequence of incidents experienced.
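The four per-event phases above (everything after "plan and prepare") form a strict sequence: a reported event is not an incident until someone has assessed it, and only a confirmed incident enters the response phase. The following Python script is an added illustration of that sequencing and is not text or code from the wiki or from the standard; the phase names follow the outline above, while the `Record` class, the `INCIDENT_INDICATORS` triage criteria and the sample events are constructed for this example.

```python
"""Minimal incident-record lifecycle modelled on the ISO/IEC 27035-1 phases.

Added illustration: the phase names come from the standard's outline; the
classes, triage criteria and sample events below are constructed for this example.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional


class Phase(Enum):
    # "Plan and prepare" is organisational groundwork with no per-event record,
    # so an individual record starts at detection.
    DETECTED = "detection_and_reporting"
    ASSESSED = "assessment_and_decision"
    RESPONDING = "responses"
    CLOSED = "lessons_learned"


# Allowed transitions: a record may only advance in the order the standard lays out.
# A non-incident skips the response phase and goes straight to lessons learned.
ALLOWED = {
    Phase.DETECTED: {Phase.ASSESSED},
    Phase.ASSESSED: {Phase.RESPONDING, Phase.CLOSED},
    Phase.RESPONDING: {Phase.CLOSED},
    Phase.CLOSED: set(),
}


@dataclass
class Record:
    event_id: str
    reporter: str
    description: str
    indicators: Dict[str, bool]  # constructed triage inputs, e.g. {"unauthorised_access": True}
    phase: Phase = Phase.DETECTED
    is_incident: Optional[bool] = None
    log: List[str] = field(default_factory=list)

    def advance(self, new_phase: Phase, note: str) -> None:
        """Move to the next phase, refusing any jump the standard's order does not allow."""
        if new_phase not in ALLOWED[self.phase]:
            raise ValueError(f"{self.event_id}: cannot go from {self.phase.name} to {new_phase.name}")
        self.log.append(f"{self.phase.name} -> {new_phase.name}: {note}")
        self.phase = new_phase


# Constructed criteria (hypothetical): any one of these turns a reported event into an incident.
INCIDENT_INDICATORS = ("unauthorised_access", "malware_executed", "data_exposed", "service_disrupted")


def assess(record: Record, assessor: str) -> bool:
    """Assessment and decision: decide whether the reported event is in fact an incident."""
    hits = [k for k in INCIDENT_INDICATORS if record.indicators.get(k)]
    record.is_incident = bool(hits)
    verdict = f"incident ({', '.join(hits)})" if hits else "not an incident"
    record.advance(Phase.ASSESSED, f"{assessor} judged: {verdict}")
    return record.is_incident


def respond(record: Record, actions: List[str]) -> None:
    """Responses: only a confirmed incident enters containment, eradication and recovery."""
    if not record.is_incident:
        raise ValueError(f"{record.event_id}: response phase requires a confirmed incident")
    record.advance(Phase.RESPONDING, "; ".join(actions))


def close(record: Record, lessons: List[str]) -> None:
    """Lessons learned: close the record with improvements, whether or not it was an incident."""
    record.advance(Phase.CLOSED, "; ".join(lessons) or "no changes required")


def run_lifecycle(record: Record, assessor: str, actions: List[str], lessons: List[str]) -> Record:
    """Drive one record through assessment, conditional response, and closure."""
    if assess(record, assessor):
        respond(record, actions)
    close(record, lessons)
    return record


if __name__ == "__main__":
    # Constructed sample events, as a help desk or monitoring system might report them.
    phishing = Record("EV-001", "helpdesk", "User entered credentials on a lookalike login page",
                      {"unauthorised_access": True})
    false_alarm = Record("EV-002", "monitoring", "Single failed SSH login from the office VPN range", {})
    run_lifecycle(phishing, "soc-analyst",
                  ["reset credentials", "revoke sessions", "review mailbox rules"],
                  ["add lookalike-domain alerting"])
    run_lifecycle(false_alarm, "soc-analyst", [], [])
    for r in (phishing, false_alarm):
        print(r.event_id, r.phase.name, r.is_incident, *r.log, sep="\n  ")
```

The point of the `ALLOWED` table and the `is_incident` check in `respond` is that the record itself enforces the distinction the standard draws between an event and an incident: nothing can be contained or eradicated before an assessor has made the decision, and every transition leaves an entry in the record's log for the lessons-learned review.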

Annexes give examples of information security incidents and cross-references to the eForensics and ISO/IEC 27001 standards.

Source

  • ISO/IEC 27035:2011 Information technology — Security techniques — Information security incident management (full-text).