ISO/IEC 27035-2
ISO/IEC 27035-2:2023 — Information technology — Information security incident management — Part 2: Guidelines to plan and prepare for incident response
(second edition)
Abstract
ISO/IEC 27035 part 2 “provides guidelines to plan and prepare for incident response and to learn lessons from incident response. The guidelines are based on the plan and prepare and learn lessons phases of the information security incident management phases model presented in [part 1 clauses] 5.2 and 5.6 ...”
[Source: ISO/IEC 27035-2:2023]
Introduction
Part 2 concerns assurance that the organisation is in fact ready to respond appropriately to information security incidents that may yet occur.
Scope
Part 2 covers the Plan and prepare and Learn lessons phases of the process laid out in part 1.
Structure
Main sections:
4: Information security incident management policy
5: Updating of information security policies
6: Creating information security incident management plan
7: Establishing an incident management capability
8: Establishing internal and external relationships
9: Defining technical and other support
10: Creating information security incident awareness and training
11: Testing the information security incident management plan
12: Learn lessons
... plus annexes with example forms, incident categorization approaches, and notes on ‘legal and regulatory requirements’ (mostly privacy).
Status
The first edition of part 2 was published in 2016.
Having been revised for ISO/IEC 27002:2022 and with a new clause 8, the second edition was published in 2023.
Commentary
This part of ISO/IEC 27035 addresses the rhetorical question “Are we ready to respond to an incident?” and promotes learning from incidents to improve things for the future.
