Citation
ISO/IEC 27035-2: (Draft) Guidelines To Plan And Prepare For Incident Response.
Overview
Part 2 concerns assurance that the organization is in fact ready to respond appropriately to information security incidents that may yet occur. It promotes learning from past incidents to improve things for the future. It covers the Plan and Prepare and Lessons Learned phases of the process laid out in Part 1 (ISO/IEC 27035-1).
Content: The Guidelines have eight main clauses:
- Establishing information security incident management policy
- Updating of information security and risk management policies
- Creating an information security incident management plan
- Establishing an Incident Response Team (IRT) [aka CERT or CSIRT]
- Defining technical and other support
- Creating information security incident awareness and training
- Testing the information security incident management plan
- Lessons learned.
It also contains annexes with incident categorization examples, and notes on "legal and regulatory aspects" (mostly privacy).
Source
- ISO/IEC 27035:2011 Information technology – Security techniques – Information security incident management (full-text).