Information security incident management: new ISO/IEC Standard

Issue 33 – November 2011

Using an information security incident management system helps organisations put procedures in place to manage information security breaches, improve information security, and reduce adverse business impacts. ISO/IEC 27035:2011 Information technology – Security techniques – Information security incident management gives 'how to' guidance on detecting, reporting and assessing information security incidents and vulnerabilities, so that an organisation has a tested process to follow before an incident occurs rather than improvising during one.

'The new ISO/IEC 27035 Standard provides tried and tested advice on the methods that need to be deployed for ensuring effective management of information security incidents,' says Edward Humphreys, whose team developed the original Standard, ISO/IEC Technical Report 18044:2004.

'Incidents can vary from the minor, which may have an impact on an isolated business system, to a major incident, which affects all business systems,' says Humphreys. 'Some incidents disrupt an organisation and the use of its business resources for 24 to 72 hours or more; some cause a serious loss and/or destruction of data, and some can leave the organisation with a serious crime on their hands. ISO/IEC 27035 offers a solution.'

ISO/IEC 27035 applies to any organisation, irrespective of size. The Standard covers a range of information security incidents, whether deliberate or accidental, and whether caused by technical or physical means. ISO/IEC 27035 supports the general concepts specified in ISO/IEC 27001:2005 Information technology – Security techniques – Information security management systems – Requirements, and replaces the earlier ISO/IEC TR 18044:2004.

Related Standards

  • ISO/IEC 27000:2009 Information technology – Security techniques – Information security management systems – Overview and vocabulary
  • AS/NZS ISO/IEC 27001:2006 Information technology – Security techniques – Information security management systems – Requirements
  • AS/NZS ISO/IEC 27002:2006 Information technology – Security techniques – Code of practice for information security management
  • ISO/IEC 27003:2010 Information technology – Security techniques – Information security management system implementation guidance
  • ISO/IEC 27031:2011 Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity

Published in business and ICT.