Information technology
Enviado por RaKZAsTHaRoTH • 22 de Noviembre de 2012 • Tesis • 485 Palabras (2 Páginas) • 425 Visitas
ISO/IEC 27035:2011 Information technology — Security techniques — Information security incident management
Introduction
Information security controls are imperfect in various ways: controls can fail, work partially, or be completely missing (e.g. not implemented or not operational). Consequently, incidents are bound to happen since preventive controls are not totally reliable and effective.
Managing incidents effectively involves detective and corrective controls designed to minimize adverse impacts, gather forensic evidence (where applicable) and ‘learn the lessons’ in terms of prompting improvements to the ISMS, especially the implementation of more effective preventive controls.
Information security incidents commonly involve the exploitation of previously unrecognised and/or uncontrolled vulnerabilities, hence vulnerability management (e.g. applying relevant security patches to IT systems and addressing control weaknesses in procedures) is part preventive and part corrective action.
Scope
ISO/IEC 27035 covers the processes for handling information security incidents and vulnerabilities.
Content
The standard lays out a process with 5 key stages:
Prepare to deal with incidents e.g. prepare an incident management policy, and establish a competent team to deal with incidents;
Identify and report information security incidents;
Assess incidents and make decisions about how they are to be addressed e.g. patch things up and get back to business quickly, or collect forensic evidence even if it delays resolving the issues;
Respond to incidents i.e. contain them, investigate them and resolve them;
Learn the lessons - more than simply identifying the things that might have been done better, this stage involves actually making changes that improve the processes.
The standard provides template reporting forms for information security events, incidents and vulnerabilities.
Status of the standard
Using ISO/IEC’s accelerated procedure, the first part of 27035 upgraded and replaced ISO TR 18044. It was published in 2011 and is available for CHF184 from the ISO/IEC webstore.
A project is under way to revise and extend ISO/IEC 27035, splitting it into three parts.
The possibility of introducing a fourth part to the standard concerning the categorization and classification of information security incidents has been discussed at length by the committee: it
...