ISO IEC 27035-2-2023.docx

INTERNATIONA1.STANDARDISO/IEC27035-2editionSecond2023-02Informationtechno1.ogy一Informationsecurityincidentmanagement一fM*inestop1.anandprepareforincidentresponseTechno1.ogiesdeinformation-GestiondesincidentsdeSecUri整deinformationPartie2:1.ignesdirectricesPOUrPIanifieretpreparerUnereponseauxincidentsReferencenumberISO/IEC27035-2:2023(E)©ISO/IEC2023COPYRIGHTPROTECTEDDOCUMENT©ISO/1EC2023IUirhM*hedbdi1.iUedotherwiseupdhi.o啪InPSd1.Mc;GeatrOn1.<nm11nr1amaqn0*即b11o即PcXHiWioM1.Onmaytheinternetoranintranet,withoutpriorwrittenpermission.PermissioncanberequestedfromeitherISOattheaddressbe1.oworISO'smemberbodyinthecountr)oftherequester.f),WV>fifiU81.andonnet8CH-1214Vernier,GenevaPhone：M1.22749O1.11觥ftte:丽丽BQrgPub1.ishedinSwitzer1.and©ISO/IEC2023-A1.1.rightsreserved©ISO/IEC2023-A1.1.rightsreservedISO(theInternationa1.OrganizationforStandardization)andIEC(theInternationa1.E1.ectrotechnica1.membersofISOtheparticipateintheforwor1.dwideInternationa1.Nationa1.bodiesarecommitteesestab1.ishedbytherespectiveorganizationtodea1.withparticu1.arfie1.dsoftechnica1.activity.ISOandIECmitteesco1.1.aborateinfie1.dsofmutua1.interest.Otherinternationa1.work.Theproceduresusedtodeve1.opthisdocumentandthoseintendedforitsfurthermaintenanceareforthetypesofdocument1.Inbenoted,thedifferentwascriteriaMC3damswiU"Jwdi1.oria1.“theISO/IECDirectives,Part2(seewww.iso.org/directivesorwww.iec.ch/members-experts/refdocs).Ofpatentrights.totheIECsha1.1.notbehe1.dthee1.ementsthisdocumentorbethepatentrights.Detai1.sofanypatentrightsidentifiedduringthedeve1.opmento3*d3um4mUw41.4MMntheIntroductionand/orontheISO1.istofPagntd*Em。晔3ved(seewww.iso.org/patents)ortheIECAnytradenameusedinthisdocumentisinformationgivenfortheconvenienceofusersanddoesnotconstituteanendorsementForanre1.atedofthevo1.untarynatureofwe1.1.themeaningofISOISO*stermstoth。WokiTVadoQrganizatio科(WTO)princip1.esin出。Tzhnka1.Ban>feu>T11<(TBT)seewww.iso.org/iso/forcword.htni1.IntheIEC,seewsv¼.iec.chundcrstanding-s1.andards.Thisdocument27,preparedbyTechnica1.CommitteeprivacyTC1,Thissecondeditioncance1.sandrep1.acesthefirstedition(ISO/IEC27035-2:2016),whichhasbeenThemainchangesareasfo1.1.ows: newro1.esinc1.udingincidentmanagementteamandincidentcoordinatorandtheirresponsibi1.itieshavebeenadded; contentonarecommendedprocessfororganizationshasbeenaddedin6.7; C.3hasbeenrep1.acedbyasing1.eparagraph;A1.istofa1.1.partsintheISO/IEC27035seriescanbefoundontheISOandIECwebsites.AnyAOrIiStingofthirbodiescanbefoundatuser'snationa1.www.iec.ch/nationa1.-committees.IntroductionThisdocumentfocusesoninformationsecurityincidentmanagementwhichisidentifiedinISO/IEC27000asoneofthecritica1.successfactorsfortheinformationseritymanagementsystem.Therecanbea1.argegapbetweenanorganizationp1.anforanincidentandanorganizationpreparednessforanincident.Therefore,thisdocumentaddressesthedeve1.opmentofprocedurestoiHFI三怖蛉楞ihi三AOfb螂预酬艇ta4网iciesre0Rss侬州布i闱由麻ationm油瞰&nt,aswe1.1.astheprocessforestab1.ishingtheincidentresponseteamandimprovingitsperformanceovertimebyadopting1.essons1.earnedandbyeva1.uation.Informationtechno1.ogyInformationsecurityincidentmanagement一Guide1.inestop1.anandprepareforincidentresponse1Scopeinformationresponse.Theguide1.inesmanagementphasesHiode1.andpresentedISO/IEC27035-1:2023,5.2andThemajorpointswithinthe"p1.anandprepare*phaseinc1.ude:Organizationa1.securityandpo1.iciesrinc1.udingandnetwork1.eve1.s;riskmanagement,updatedatboth IncidentManagementTeam(IMT)estab1.ishment; technica1.andOthersupport(inc1.udingorganizationa1.andoperationa1.support);ThewIcarn1.essons"phaseinc1.udes： Identifyingandmakingnecessaryimprovements;regard1.essofgivensizethisdocumentorganizationsandintendedtheapp1.icab1.etoa1.1.organizations,Normativeservicesreferencesconstitutesrequirementsaredocument.Fordatedinreferences,on1.ySomeeditiona1.1.citedapp1.ies.contentISO/IECOverview1.nformationvocabu1.arySecuritytechniques-informationsecuritymanagementb) IMTsandIRTsofexterna1.organizations；c) managedserviceproviders(inc1.udingte1.ecommunicationserviceproviders).ISPs,vendorsandsupp1.iers;d) 1.awenforcementorganizations;c)emergencyauthorities;0CERTsi)andCSIRTs,whereappropriate；g) appropriategovernmentorganizations,ordataprotectionagency;h) 1.ega1.personne1.;i) pub1.icre1.ationsofficia1.sand/ormembersofthemedia；j) businesspartners；k) customers;i)genera1.pub1.ic;m)regu1.ators.9Definingtechnica1.andothersupport9.1 Genera1.NOTE1C1.ause9,initsentirety,1.inkstoISO/IEC27035-1:2023,5.211.叭小沁博Cmhat赚n*w由Ujre1.*惘注地即世觥或级呼咏QM9b由e-AHinterna1.andexterna1.partiesforsupportandreportingshou1.dbedefinedandcommunicationchanne1.sandworkf1.owagreedupon.Theseactivitiesinc1.udethefo1.1.owing:1.ii!RStof1.frfonsorgfiW,1.setsw*v9f1.erjup-to-dateassetregisterandinformationdocumentedandpromu1.gatedcommunicationsprocessesinc1.