ISO/IEC 27035-4
ISO/IEC 27035-4:2024 — Information technology — Information security incident management — Part 4: Coordination
(first edition)
Abstract
ISO/IEC 27035 part 4 “provides guidelines for multiple organizations handling information security incidents in a coordinated manner. It also addresses the impacts of external cooperation on the internal incident management of an individual organization and provides guidelines for an individual organization to adapt to the coordination process. Furthermore, it provides guidelines for the coordination team, if it exists, to perform coordination activities supporting the cross-organization incident response. The principles given in [ISO/IEC 27035-4] are generic and are intended to be applicable to multiple organizations to work together to handle information security incidents, regardless of their types, sizes or nature. Organizations can adjust the guidance given in [ISO/IEC 27035-4] according to their type, sizes and nature of business in relation to the information security risk situation. [ISO/IEC 27035-4] is also applicable to an individual organization that participates in partner relationships.”
[Source: ISO/IEC 27035-4:2024]
Introduction
Whereas managing routine information security incidents typically involves several departments or teams within an organisation, exceptional/major incidents (such as botnet or phishing attacks) require collaboration and coordination between the Incident Response Teams of several organisations, often in different countries. Those organisations may be affected or involved in various ways, e.g. Internet and cloud service providers, law enforcement, and the targeted organisation(s).
Scope
Part 4 is about coordinating responses to major incidents with other implicated, involved or support organisations, such as cloud and network suppliers.
Structure
Main sections:
4: Overview
5: Coordinated incident management process
6: Guidelines for key activities of coordinated incident management
Annex A: Examples of information security incident management coordination
Status
The current first edition was published in 2024.
