Project No.: ISO/IEC 27035-2:2023
Title: This document provides guidelines to plan and prepare for incident response and to learn lessons from incident response. The guidelines are based on the “plan and prepare” and “learn lessons” phases of the information security incident management phases model presented in ISO/IEC 27035-1:2023, 5.2 and 5.6.

The major points within the “plan and prepare” phase include:

— information security incident management policy and commitment of top management;
— information security policies, including those relating to risk management, updated at both organizational level and system, service and network levels;
— information security incident management plan;
— Incident Management Team (IMT) establishment;
— establishing relationships and connections with internal and external organizations;
— technical and other support (including organizational and operational support);
— information security incident management awareness briefings and training.

The “learn lessons” phase includes:

— identifying areas for improvement;
— identifying and making necessary improvements;
— Incident Response Team (IRT) evaluation.

The guidance given in this document is generic and intended to be applicable to all organizations, regardless of type, size or nature. Organizations can adjust the guidance given in this document according to their type, size and nature of business in relation to the information security risk situation. This document is also applicable to external organizations providing information security incident management services.
Registration number (WIID): 78974
Scope: This document provides guidelines to plan and prepare for incident response and to learn lessons from incident response. The guidelines are based on the “plan and prepare” and “learn lessons” phases of the information security incident management phases model presented in ISO/IEC 27035-1:2023, 5.2 and 5.6.

The major points within the “plan and prepare” phase include:

— information security incident management policy and commitment of top management;
— information security policies, including those relating to risk management, updated at both organizational level and system, service and network levels;
— information security incident management plan;
— Incident Management Team (IMT) establishment;
— establishing relationships and connections with internal and external organizations;
— technical and other support (including organizational and operational support);
— information security incident management awareness briefings and training.

The “learn lessons” phase includes:

— identifying areas for improvement;
— identifying and making necessary improvements;
— Incident Response Team (IRT) evaluation.

The guidance given in this document is generic and intended to be applicable to all organizations, regardless of type, size or nature. Organizations can adjust the guidance given in this document according to their type, size and nature of business in relation to the information security risk situation. This document is also applicable to external organizations providing information security incident management services.
Status: Standard in force
ICS group: 35.030