ISO/IEC 27035 - Incident Management
Information Security Management
ISO/IEC 27035-1:2016 is the foundation of this multi-part International Standard. It presents basic concepts and phases of information security incident management and combines these concepts with principles in a structured approach to detecting, reporting, assessing, and responding to incidents, and applying lessons learnt.
The principles of the ISO 27035-1 standard are generic and intended to be applicable to all organizations, regardless of type, size or nature. Organizations can adjust the guidance according to their type, size and nature of business in relation to the information security risk situation. It is also applicable to external organizations providing information security incident management services.
ISO 27035-1 provides a structured and planned approach to:
- detect, report and assess information security incidents;
- respond to and manage information security incidents;
- detect, assess and manage information security vulnerabilities; and
- continuously improve information security.
ISO/IEC 27035:2011 provides guidance on information security incident management for large and medium-sized organizations. Smaller organizations can use a basic set of documents, processes and routines described in this International Standard, depending on their size and type of business in relation to the information security risk situation. It also provides guidance for external organizations providing information security incident management services.
Key Stages of ISO 27035 / ISO 27035-1
- Prepare
- Identify
- Assess
- Respond to incidents
- Learn the lessons
Benefits of Incident Management
- improving information security;
- reducing business impacts;
- strengthening focus on prevention;
- improving prioritization of actions;
- improving the quality of evidence;
- contributing to budget and resource justification;
- improving risk management;
- improving security awareness;
- improving security policies and procedures.