Title Banner

Touchstone

ISSN 1177-5874
close

Tell your friends about this article!

Friend's email address:
  For example, username@domain.com
Your email address:
  For example, username@domain.com
Subject:
Message:
Send the email
This message has been sent to you from Touchstone, Standards New Zealand's free electronic magazine. Standards New Zealand is the country's leading Standards body, developing and promoting Standards for the benefit of all New Zealanders.

When the message is sent, you'll automatically be copied on the message. The text immediately above will be added to the message automatically, identifying the message as coming from Touchstone.

close

Thanks

Your email has been sent
Search
Search Ezine Search Rest of Site

Search


Search

Information security incident management – new ISO/IEC Standard


Issue 33 – November 2011

Using an information security incident management system helps organisations to put procedures in place to manage information security breaches, improve information security, and reduce adverse business impacts. Information technology – Security techniques – Information security incident management ISO/IEC 27035:2011 gives 'how to' guidance to detect, report, and assess information security incidents and vulnerabilities.

'The new ISO/IEC 27035 Standard provides tried and tested advice on the methods that need to be deployed for ensuring effective management of information security incidents,' says Edward Humphreys, whose team developed the original Standard, ISO/IEC Technical Report 18044:2004.

'Incidents can vary from the minor, which may have an impact on an isolated business system, to a major incident, which affects all business systems,' says Humphreys. 'Some incidents disrupt an organisation and the use of its business resources for 24 to 72 hours or more; some cause a serious loss and/or destruction of data, and some can leave the organisation with a serious crime on their hands. ISO/IEC 27035 offers a solution.'

ISO 27035 applies to any organisation, irrespective of size. The Standard covers a range of information security incidents, whether deliberate or accidental, and whether caused by technical or physical means. ISO/IEC 27035 supports the general concepts specified in ISO/IEC 27001:2005 Information technology – Security techniques – Information security management systems – Requirements.

→ Buy ISO/IEC 27035:2011 (hard copy) Information technology – Security techniques – Information security incident management

→ You can order PDFs of ISO and IEC Standards by calling 0800 782 632 during business hours or emailing enquiries@standards.co.nz.

Related Standards

  • ISO/IEC 27000:2009 Information technology – Security techniques – Information security management systems – Overview and vocabulary
  • AS/NZS ISO/IEC 27001:2006 Information technology – Security techniques – Information security management systems – Requirements
  • AS/NZS ISO/IEC 27002:2006 Information technology – Security techniques – Code of practice for information management
  • ISO/IEC 27003:2010 Information technology – Security techniques – Information security management system implementation guidance
  • ISO/IEC 27031:2011 Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity

Related articles

 
Back to top
More Business articles