CIR Related Standards
ISO 27035
18.1 Introduction
ISO 27035 provides guidelines (ISO/IEC 27035, 2016) for planning and preparing for incident response. Incident management is a crucial component in building cyber resiliency within an organisation. Although mitigations may be in place to prevent cyber security attacks, organisations have to be prepared to respond quickly and effectively when sophisticated attacks get past the preventive controls. The previous standards focused more on the proactive side of cyber security management, whereas this standard covers more of the reactive component.
19.2 Scope
The planning and preparation cover:
- Develop information security incident management policies;
- Acquire top management commitment;
- Update information security policies at corporate and system, service and network levels;
- Develop information security incident management plan;
- Establish incident response team;
- Establish relationships and connections with internal and external organisations;
- Acquire technical, organisational, operational and other support;
- Conduct information security incident management awareness briefings and training; and
- Test information security incident management plan.
19.3 Processes
ISO 27035 consists of best practices (IT Governance, 2016) for information security incident management. It provides organisations with a framework to:
- Detect, report and assess information security incidents;
- Respond to and manage information security incidents;
- Detect, assess and manage information security vulnerabilities; and
- Improve information security and incident management continually through management of information security incidents and vulnerabilities.
Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.
Reference: Chapter 19 Appendix 9: ISO 27035
Note: This version was the draft 2nd Edition being updated in 2023. The number in square brackets [X-X] cross-refers to the actual chapter and section in the 1st Edition.