Information Security Incident Management according to the ISO/IEC 27035-2 standard

28 Jun 2023 07:00 AM By Davide Micheli

Reading time: ~ 3 min.

The information security incident management process according to the ISO/IEC 27035-2

On the previous post about this topic (see the part 1 here) we focused in particular onessential concepts and the stages on handling the information security incident: today we're going to take a closer look the the «Guidelines to plan and prepare for incident response» available on the PART 2 of the ISO/IEC 27035 Standard.

It is important to note that the second part of this standard gives us also a focus on how to learn lessons from the incident response itself, providing us a sort of «best practices» on handling better this matter.

Please be aware that these guidelines are related to on the «plan and prepare» and the «lessons learned» steps of the information security incident management model based on the ISO/IEC 27035-1:2023 standard.

The ISO/IEC 27035-2:2023 main aspects on the «plan & prepare» steps

If we consider the «plan & prepare» steps of the ISO/IEC 27035-2:2023, we can notice that the standard includes in particular these principal aspects:

information security incident management policy and commitment of top management;

information security policies, including those relating to risk management, updated at both organizational level and system, service and network levels;

information security incident management plan;

Incident Management Team (IMT) establishment;

establishing relationships and connections with internal and external organizations;

technical and other support (including organizational and operational support);

information security incident management awareness briefings and training.

The ISO/IEC 27035-2:2023 main aspects on the «lessons learned» phase

If we take a look at the «lessons learned» phase as considered by the ISO/IEC 27035-2:2023, we can notice that the standard includes in particular these main aspects:

identifying areas for improvement;

identifying and making necessary improvements;

incident Response Team (IRT) evaluation.

ISO/IEC 27035-2:2023 Information security incident management and the correlation with others standards

If we reflect on the others ISO standards we can put in relation with this ISO/IEC 27035-2, we can easily find out these ones:

  • ISO 27001 Information Security Standards (in particular Appendix A);
  • ISO 20000-1 Services (clause 8.6.1 incident management)
  • ISO 22301 Business continuity.

The ISO/IEC27035-2:2023 standard on information security incident management

In order to understand better how to manage and adjust this ISO standard let's take a look at this infographic:
By Andrea Leonardi (VP @ Minerva Group Service, MP @ Alpemi Consulting & itSMF Swizerland board member).
We end our brief overview on «Information Security Incident Management according to the ISO/IEC 27035-2 standard»inviting you to stay tuned on our blog, social media channels and newsletter to be always updated on the next news about this topic.

If you want support our effort to bring you the best content quality and sharing value, do not forget to follow us on our LinkedIn page!

Need to know more about it?

Click on one of the options below to enter in the itSMF Enviroment and for being updated the way which is best for you.

Subscribe to itSMF Newsletter
Get the benefits of Membership Program

Davide Micheli