Cyber Security

CIR Standard Appendix 9: ISO 27035

Written by Moh Heng Goh | Nov 28, 2022 12:28:57 PM

CIR Related Standards

ISO 27035

18.1 Introduction

ISO 27035 covers guidelines (ISO/IEC 27035, 2016) for planning and preparing for incident response. Incident management is a crucial component in building cyber resilience within an organisation. Although mitigations may be in place to prevent cyber security attacks, organisations have to be prepared to respond quickly and effectively when sophisticated attacks get past the preventive controls. The previous standards focused more on the proactive side of cyber security management, whereas this standard covers more of the reactive component.

19.2 Scope

The planning and preparation cover:

  • Develop information security incident management policies;
  • Acquire top management commitment;
  • Update information security policies at corporate and system, service and network levels;
  • Develop information security incident management plan;
  • Establish incident response team;
  • Establish relationships and connections with internal and external organisations;
  • Acquire technical, organisational, operational and other support;
  • Conduct information security incident management awareness briefings and training; and
  • Test information security incident management plan.

19.3 Processes

ISO 27035 consists of best practices (IT Governance, 2016) for information security incident management. It provides organisations with a framework to:

  • Detect, report and assess information security incidents;
  • Respond to and manage information security incidents;
  • Detect, assess and manage information security vulnerabilities; and
  • Improve information security and incident management continually through management of information security incidents and vulnerabilities.

Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.

Reference: Chapter 19 Appendix 9: ISO 27035

Note: This version was the draft 2nd Edition being updated in 2023. The numbers in square brackets [X-X] cross-refer to the actual chapter and section in the 1st Edition.