ISO/IEC 27035-1 2016 (ISO 27035 Standard) Information Security Incident Management
Information technology -- Security techniques -- Information security incident management -- Part 1: Principles of incident management.
Given the increasing risk of cyber attack, your organisation will inevitably experience a security breach at some point. The ability to respond to an event, mitigate its impact and prevent its recurrence is an essential part of effective information security management, and is a requirement of ISO 27001 and the PCI DSS.
ISO/IEC 27035-1:2016 details a best-practice approach to information security incident management. It provides a structured approach to:
The universal information security guidance in ISO 27035-1 is as applicable to small organisations as it is to large and medium-sized ones, and specific guidance is also provided for organisations providing information security incident management services.