EN ISO 27035-2:2018, also known as Information technology — Security techniques — Information security incident management — Part 2: Guidelines for incident management, is an international standard that provides guidance on the management of information security incidents. It was published by the International Organization for Standardization (ISO) and the European Committee for Standardization (CEN).
The Importance of Incident Management
Incident management is a crucial aspect of information security. It involves effectively handling and responding to security incidents in order to minimize their impact and prevent future occurrences. The EN ISO 27035-2 standard outlines a systematic approach to incident management, providing organizations with guidelines and best practices to follow.
Key Elements of EN ISO 27035-2:2018
EN ISO 27035-2:2018 covers various aspects of incident management, including preparation, detection, reporting, assessment, response, and lessons learned. Let's take a closer look at each of these elements:
Preparation: This phase focuses on establishing the necessary frameworks, policies, and procedures to prepare for potential security incidents. It includes activities such as creating an incident response plan, defining roles and responsibilities, and conducting regular training and drills.
Detection: The detection phase involves monitoring networks, systems, and applications for any signs of unusual activity or potential security breaches. It emphasizes the importance of having robust monitoring systems and tools in place to detect incidents in a timely manner.
Reporting: Once an incident is detected, it needs to be reported promptly to the appropriate individuals or teams within the organization. Timely and accurate reporting enables swift response and containment, minimizing the impact of the incident.
Assessment: The assessment phase involves evaluating the severity and impact of the incident. It includes activities such as gathering evidence, analyzing the root causes, and assessing the potential damage caused by the incident.
Response: In this phase, organizations take appropriate actions to contain and mitigate the incident. This may include isolating affected systems, implementing patches or fixes, and restoring services to normal operation as quickly as possible.
Lessons Learned: After an incident has been resolved, organizations should conduct a thorough review to identify lessons learned and areas for improvement. This feedback loop plays a critical role in enhancing an organization's incident management capabilities.
Conclusion
EN ISO 27035-2:2018 provides valuable guidelines for incident management, helping organizations respond effectively to information security incidents. By following these best practices, organizations can minimize the impact of incidents, prevent future occurrences, and continuously improve their overall security posture.