Information security breaches can compromise your business systems, and cause disruption to business operations. Being prepared and responding in a timely and effective way can mean the difference between minor incident and a business disaster. Using an information security incident management system enables organizations to have the controls and procedures in place to manage a wide variety of security incidents and vulnerabilities.

ISO/IEC 27035:2011, Information technology – Security techniques – Information security incident management, gives “how to” guidance on detecting, reporting and assessing information security incidents and vulnerabilities.

It will help organizations respond to information security incidents, including the activation of appropriate controls for the prevention and reduction of, and recovery from, impacts, and, in so doing, learn and improve their overall approach.

Integrating an information security incident management system offers several benefits:

  • Improve overall information security
  • Reduce adverse business impacts
  • Strengthen the information security incident prevention focus, prioritization, and evidence
  • Contribute to budgetary and resource justifications
  • Improve updates to information security risk assessment and management results
  • Provide enhanced information security awareness and training program material
  • Provide input to your information security policy and related documentation reviews.

Edward Humphreys, whose team developed the original version of the standard, ISO/IEC TR 18044:2004, commented: “Effective and timely handling of major incidents can make the difference between the survival or ‘death’ of an organization. The new ISO/IEC 27035 standard provides tried and tested advice on the processes and methods that need to be deployed for ensuring effective management of information security incidents.

“Incidents can vary from the minor, which may have an impact on an isolated business system to a major incident, which affects all business systems. Some incidents have the effect of disrupting an organization and the use of its business resources for 24-72 hours or more; some cause a serious loss and/or destruction of data and some can leave the organization with a serious crime on their hands. ISO/IEC 27035:2011 offers a solution.”

ISO/IEC 27035:2011, which replaces technical report ISO/IEC TR 18044:2004, supports the general concepts specified in ISO/IEC 27001:2005, Information technology – Security techniques – Information security management systems – Requirements.

The new standard is applicable to any organization, irrespective of size. It covers a range of information security incidents, whether deliberate or accidental, and whether caused by technical or physical means.

ISO/IEC 27035:2011, Information technology – Security techniques – Information security risk management, was developed by the joint technical committee ISO/IEC JTC 1, Information technology, subcommittee SC 27, IT Security techniques. It is available from ISO national member institutes (see the complete list with contact details). It may also be obtained directly from the ISO Central Secretariat, price 180 Swiss francs through the ISO Store or by contacting the Marketing, Communication & Information department (see right-hand column).