ISO/IEC 27035-3
ISO/IEC 27035-3:2020 — Information technology — Information security incident management — Part 3: Guidelines for ICT incident response operations
(first edition)
Abstract
ISO/IEC 27035 part 3 “gives guidelines for information security incident response in ICT security operations. [ISO/IEC 27035-3] does this by firstly covering the operational aspects in ICT security operations from a people, processes and technology perspective. It then further focuses on information security incident response in ICT security operations including information security incident detection, reporting, triage, analysis, response, containment, eradication, recovery and conclusion ...”
Source: ISO/IEC 27035-3:2020
Introduction
Part 3 concerns the 'security operations' elements in response to an IT incident.
Scope
Part 3 concerns the organisation and processes necessary for the information security function to prepare for, and respond to, IT security events and incidents, which in practice are mostly active, deliberate attacks.
Structure
Main sections:
5: Overview
6: Common types of attacks
7: Incident detection operations
8: Incident notification operations
9: Incident triage operations
10: Incident analysis operations
11: Incident containment, eradication and recovery operations
12: Incident reporting operations
Annex A: Example of the incident criteria based on information security events and incidents
Status
The current first edition of part 3 was published in 2020.
Commentary
The standard’s title contains a commonplace but unexpanded abbreviation: ICT. Plain old "IT" has included communications and networking for decades, so I'm not sure why they felt the need for the C.
