BS ISO/IEC 27035-3. Information technology. Information security incident management Part 3. Guidelines for ICT incident response operations
|Standard number:||20/30387742 DC|
|Status:||Draft for Comment|
- 35.030 IT Security
This document provides the guidelines for ICT incident response operations. This document is not concerned with non-ICT incident response operations such as loss of paper-based documents. The guidelines are based on the “Detection and Reporting” phase, the “Assessment and Decision” phase and the “Responses” phase of the “Information security incident management phases” model presented in ISO/IEC 27035-1:2016.
The principles given in this document are generic and intended to be applicable to all organizations, regardless of type, size or nature. Organizations can adjust the guidelines given in this document according to their type, size and nature of business in relation to the information security risk situation. This document is also applicable to external organizations providing information security incident management services.