Standard: ISO/IEC 27035-2

Description

Reference to the overview standard ISO/IEC 27035 (ff.)

Contents

Foreword
Introduction

1 Scope

2 Normative references

3 Terms, definitions and abbreviated terms

3.1 Terms and definitions
3.2 Abbreviated terms

4 Information security incident management policy

4.1 General
4.2 Interested parties
4.3 Information security incident management policy content

5 Updating of information security policies

5.1 General
5.2 Linking of policy documents

6 Creating information security incident management plan

6.1 General
6.2 Information security incident management plan built on consensus
6.3 Interested parties
6.4 Information security incident management plan content
6.5 Incident classification scale
6.6 Incident forms
6.7 Documented processes and procedures
6.8 Trust and confidence
6.9 Handling confidential or sensitive information

7 Establishing an incident management capability

7.1 General
7.2 Incident management team establishment
7.2.1 IMT structure
7.2.2 IMT roles and responsibilities
7.3 Incident response team establishment
7.3.1 IRT structure
7.3.2 IRT types and roles
7.3.3 IRT staff competencies

8 Establishing internal and external relationships

8.1 General
8.2 Relationship with other parts of the organization
8.3 Relationship with external interested parties

9 Defining technical and other support

9.1 General
9.2 Technical support
9.3 Other support

10 Creating information security incident awareness and training

11 Testing the information security incident management plan

11.1 General
11.2 Exercise
11.2.1 Defining the goal of the exercise
11.2.2 Defining the scope of an exercise
11.2.3 Conducting an exercise
11.3 Incident response capability monitoring
11.3.1 Implementing an incident response capability monitoring programme
11.3.2 Metrics and governance of incident response capability monitoring

12 Learn lessons

12.1 General
12.2 Identifying areas for improvement
12.3 Identifying and making improvements to the information security incident management plan
12.4 IMT evaluation
12.5 Identifying and making improvements to information security control implementation
12.6 Identifying and making improvements to information security risk assessment and management review results
12.7 Other improvements

Annex A (informative) Considerations related to legal or regulatory requirements

Annex B (informative) Example forms for information security events, incidents and vulnerability reports

Annex C (informative) Example approaches to the categorization, evaluation and prioritization of information security events and incidents

Bibliography