Abstract
This document provides guidelines to plan and prepare for incident response and to learn lessons from incident response. The guidelines are based on the "plan and prepare" and "learn lessons" phases of the information security incident management phases model presented in ISO/IEC 27035-1:2023, 5.2 and 5.6.
The major points within the "plan and prepare" phase include:
- information security incident management policy and commitment of top management;
- information security policies, including those relating to risk management, updated at both organizational level and system, service and network levels;
- information security incident management plan;
- Incident Management Team (IMT) establishment;
- establishing relationships and connections with internal and external organizations;
- technical and other support (including organizational and operational support);
- information security incident management awareness briefings and training.
The "learn lessons" phase includes:
- identifying areas for improvement;
- identifying and making necessary improvements;
- Incident Response Team (IRT) evaluation.
The guidance given in this document is generic and intended to be applicable to all organizations, regardless of type, size or nature. Organizations can adjust the guidance given in this document according to their type, size and nature of business in relation to the information security risk situation. This document is also applicable to external organizations providing information security incident management services.
General information
- Status: Published
- Publication date: 2023-02
- Stage: International Standard published [60.60]
- Edition: 2
- Number of pages: 53
- Technical Committee: ISO/IEC JTC 1/SC 27
- ICS: 35.030