ISO/IEC 27035:2011 pdf free download

From:Internet 2022-10-07 17:15

ISO/IEC 27035:2011 pdf free download. Information technology - Security techniques - Information security incident management.

4.2 Objectives

As a key part of an organization's overall information security strategy, the organization should put controls and procedures in place to enable a structured well-planned approach to the management of information security incidents. From a business perspective, the prime objective is to avoid or contain the impact of information security incidents to reduce the direct and indirect costs caused by the incidents.

The primary steps to minimize the direct negative impact of information security incidents are the following:

• stop and contain,

• eradicate,

• analyse and report, and

• follow up.

The objectives of a structured well-planned approach are more refined and should ensure the following:

a) Information security events are detected and dealt with efficiently, in particular in identifying whether they need to be categorized and classified as information security incidents or not.

b) Identified information security incidents are assessed and responded to in the most appropriate and efficient manner.

c) The adverse effects of information security incidents on the organization and its business operations are minimized by appropriate controls as part of the incident response, possibly in conjunction with relevant elements from a crisis management plan or plans.

