ISO 27035 is also known as ISO/IEC 27035. Why do we do this? Quite simply because it comes to us not only from the International Standards Organisation (ISO), but also from the International Electrotechnical Commission (IEC). An internationally recognised framework for managing cyber security incidents, ISO 27035 is less well known than ISO 27001 or 27002. And yet its importance is crucial!
What is ISO 27035?
ISO/IEC 27035 is an international standard that provides detailed guidelines to help organisations establish an effective incident management process. It covers all phases, from initial detection to closure and post-incident analysis.
This standard is therefore more than essential for any organisation wishing to strengthen its resilience in the face of information security threats, whether internal or external – and who wouldn’t?
What are the objectives of ISO 27035?
- Prevent cyber security incidents by identifying potential vulnerabilities and threats.
- Detect security incidents quickly by putting in place effective monitoring systems and procedures.
- React appropriately (and quickly!) to incidents to minimise their impact.
- Recovering from an incident, i.e. restoring normal operations as quickly as possible.
- Analyse and document incidents, to continually improve the incident management process – and above all prevent recurrences.
How is ISO 27035 constructed?
ISO/IEC 27035 is structured in several parts, each dealing with a different aspect of incident management.
#1 Introduction: incident management principles and processes
This section provides an overview of the key concepts and fundamental principles of information security incident management. It describes the general stages of the incident management process, from initial preparation through to continuous improvement.
#2 Planning and preparation
This section focuses on putting in place the tools and resources needed to manage security incidents (effectively). It covers :
- staff training and awareness ;
- the establishment of policies and procedures ;
- the implementation of incident detection and response technologies
#3 Incident detection and analysis
This section describes the methods and tools to be used to detect and analyse security incidents. The text emphasises one point: it is crucial to have effective monitoring systems AND well-defined processes, to assess and classify incidents accurately and quickly.
#4 Incident response
This section of the text guides organisations in implementing corrective measures to contain, eradicate and recover from an incident. It stresses the importance of coordination and communication, which are essential in the incident response process.
#5 Learning and continuous improvement
The standard encourages organisations to learn from each incident in order to strengthen their security posture. It recommends :
- document all incidents;
- document all incidents; carry out post-incident analyses;
- adjust policies and procedures accordingly.
The importance of ISO 27035
ISO 27035 may be (much) less well known than its cousins ISO 27001 and ISO 27002, but the fact remains that it offers a number of advantages:
- Reducing the impact of incidents (business disruption, financial losses, etc.);
- compliance with the numerous regulations requiring incident management processes to be put in place;
- strengthening organisational resilience through effective incident management ;
- Continuous improvement – by analysing and learning from each incident, organisations can constantly improve their security measures and reduce future risks.
To find out how Tenacy can help you manage your cyber incidents, contact our experts!