The IT Law Wiki

Citation

ISO/IEC 27035-2: (Draft) Guidelines To Plan And Prepare For Incident Response.

Overview

Part 2 concerns assurance that the organization is in fact ready to respond appropriately to information security incidents that may yet occur. It promotes learning from past incidents to improve things for the future. It covers the Plan and Prepare and Lessons Learned phases of the process laid out in Part 1 (ISO/IEC 27035-1).

Content: The Guidelines have eight main clauses:

It also contains annexes with incident categorization examples, and notes on "legal and regulatory aspects" (mostly privacy).

Source

  • ISO/IEC 27035:2011 Information technology — Security techniques — Information security incident management (full-text).