欢迎来到麦多课文档分享! | 帮助中心 海量文档,免费浏览,给你所需,享你所想!
麦多课文档分享
全部分类
  • 标准规范>
  • 教学课件>
  • 考试资料>
  • 办公文档>
  • 学术论文>
  • 行业资料>
  • 易语言源码>
  • ImageVerifierCode 换一换
    首页 麦多课文档分享 > 资源分类 > PDF文档下载
    分享到微信 分享到微博 分享到QQ空间

    BS ISO IEC 27035-1-2016 Information technology Security techniques Information security incident management Principles of incident management《信息技术 安全技术 信息安全事件管理 事件管理原则》.pdf

    • 资源ID:396693       资源大小:3.99MB        全文页数:32页
    • 资源格式: PDF        下载积分:5000积分
    快捷下载 游客一键下载
    账号登录下载
    微信登录下载
    二维码
    微信扫一扫登录
    下载资源需要5000积分(如需开发票,请勿充值!)
    邮箱/手机:
    温馨提示:
    如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
    如需开发票,请勿充值!如填写123,账号就是123,密码也是123。
    支付方式: 支付宝扫码支付    微信扫码支付   
    验证码:   换一换

    加入VIP,交流精品资源
     
    账号:
    密码:
    验证码:   换一换
      忘记密码?
        
    友情提示
    2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
    3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
    4、本站资源下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。
    5、试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。

    BS ISO IEC 27035-1-2016 Information technology Security techniques Information security incident management Principles of incident management《信息技术 安全技术 信息安全事件管理 事件管理原则》.pdf

    1、BS ISO/IEC 27035-1:2016 Information technology Security techniques Information security incident management Part 1: Principles of incident management BSI Standards Publication WB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06BS ISO/IEC 27035-1:2016 BRITISH STANDARD National foreword The UK pa

    2、rticipation in its preparation was entrusted to Technical Committee IST/33/4, Security Controls and Services. A list of organizations represented on this committee can be obtained on request to its secretary. This publication does not purport to include all the necessary provisions of a contract. Us

    3、ers are responsible for its correct application. The British Standards Institution 2016. Published by BSI Standards Limited 2016 ISBN 978 0 580 79888 7 ICS 35.040 Compliance with a British Standard cannot confer immunity from legal obligations. This British Standard was published under the authority

    4、 of the Standards Policy and Strategy Committee on 30 November 2016. Amendments/corrigenda issued since publication Date Text affected This British Standard is the UK implementation of ISO/IEC 27035-1:2016. Together with BS ISO/IEC 27035-2:2016, it supersedes BS ISO/IEC 27035:2011 which is withdrawn

    5、.BS ISO/IEC 27035-1:2016 Information technology Security techniques Information security incident management Part 1: Principles of incident management Technologies de linformation Techniques de scurit Gestion des incidents de scurit de linformation Partie 1: Principes de la gestion des incidents INT

    6、ERNATIONAL STANDARD ISO/IEC 27035-1 Reference number ISO/IEC 27035-1:2016(E) First edition 2016- 11-01 ISO/IEC 2016 BS ISO/IEC 27035-1:2016ii ISO/IEC 2016 All rights reserved COPYRIGHT PROTECTED DOCUMENT ISO/IEC 2016, Published in Switzerland All rights reserved. Unless otherwise specified, no part

    7、of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISOs member body

    8、 in the country of the requester. ISO copyright office Ch. de Blandonnet 8 CP 401 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 copyrightiso.org www.iso.org ISO/IEC 27035-1:2016(E)BS ISO/IEC 27035-1:2016ISO/IEC 27035-1:2016(E)Foreword iv Introduction v 1 Scope . 1 2

    9、 Normative references 1 3 T erms and definitions . 1 4 Overview . 2 4.1 Basic concepts and principles 2 4.2 Objectives of incident management 3 4.3 Benefits of a structured approach 5 4.4 Adaptability . 6 5 Phases 6 5.1 Overview 6 5.2 Plan and Prepare . 9 5.3 Detection and Reporting . 9 5.4 Assessme

    10、nt and Decision 10 5.5 Responses .11 5.6 Lessons Learnt .12 Annex A (informative) Relationship to investigative standards .13 Annex B (informative) Examples of information security incidents and their causes 16 Annex C (informative) Cross reference table of ISO/IEC 27001 to ISO/IEC 27035 19 Bibliogr

    11、aphy .21 ISO/IEC 2016 All rights reserved iii Contents PageBS ISO/IEC 27035-1:2016ISO/IEC 27035-1:2016(E) Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodi

    12、es that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other i

    13、nternational organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. The procedures used to develop this document and those intended for

    14、 its further maintenance are described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/dire

    15、ctives). Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will

    16、be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents). Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement. For an explanation on the meaning of ISO specific terms and expressi

    17、ons related to conformit y assessment, as well as information about ISOs adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following URL: www.iso.org/iso/foreword.html. The committee responsible for this document is ISO/IEC JTC 1, Information

    18、 technology, SC 27, IT Security techniques. This first edition of ISO/IEC 27035-1, together with ISO/IEC 27035-2, cancels and replaces ISO/IEC 27035:2011, which has been technically revised. ISO/IEC 27035 consists of the following parts, under the general title Information technology Security techni

    19、ques Information security incident management: Part 1: Principles of incident management Part 2: Guidelines to plan and prepare for incident response Further parts may follow.iv ISO/IEC 2016 All rights reservedBS ISO/IEC 27035-1:2016ISO/IEC 27035-1:2016(E) Introduction Information security policies

    20、or controls alone will not guarantee total protection of information, information systems, services or networks. After controls have been implemented, residual vulnerabilities are likely to remain that can reduce the effectiveness of information security and facilitate the occurrence of information

    21、security incidents. This can potentially have direct and indirect adverse impacts on an organizations business operations. Furthermore, it is inevitable that new instances of previously unidentified threats will occur. Insufficient preparation by an organization to deal with such incidents will make

    22、 any response less effective, and increase the degree of potential adverse business impact. Therefore, it is essential for any organization desiring a strong information security program to have a structured and planned approach to: detect, report and assess information security incidents; respond t

    23、o information security incidents, including the activation of appropriate controls to prevent, reduce, and recover from impacts; report information security vulnerabilities, so they can be assessed and dealt with appropriately; learn from information security incidents and vulnerabilities, institute

    24、 preventive controls, and make improvements to the overall approach to information security incident management. For the purpose of achieving this planned approach, ISO/IEC 27035 provides guidance on aspects of information security incident management in the following corresponding parts. ISO/IEC 27

    25、035-1, Principles of incident management (this document), presents basic concepts and phases of information security incident management, and how to improve incident management. This part combines these concepts with principles in a structured approach to detecting, reporting, assessing, and respond

    26、ing to incidents, and applying lessons learnt. ISO/IEC 27035-2, Guidelines to plan and prepare for incident response, describes how to plan and prepare for incident response. This part covers the “Plan and Prepare” and “Lessons Learnt” phases of the model presented in ISO/IEC 27035-1. ISO/IEC 27035

    27、is intended to complement other standards and documents that give guidance on the investigation of, and preparation to investigate, information security incidents. ISO/IEC 27035 is not a comprehensive guide, but a reference for certain fundamental principles that are intended to ensure that tools, t

    28、echniques and methods can be selected appropriately and shown to be fit for purpose should the need arise. While ISO/IEC 27035 encompasses the management of information security incidents, it also covers some aspects of information security vulnerabilities. Guidance on vulnerability disclosure and v

    29、ulnerability handling by vendors is provided in ISO/IEC 29147 and ISO/IEC 30111, respectively. ISO/IEC 27035 also intends to inform decision-makers that need to determine the reliability of digital evidence presented to them. It is applicable to organizations needing to protect, analyse and present

    30、potential digital evidence. It is relevant to policy-making bodies that create and evaluate procedures relating to digital evidence, often as part of a larger body of evidence. Further information about investigative standards is available in Annex A. ISO/IEC 2016 All rights reserved vBS ISO/IEC 270

    31、35-1:2016BS ISO/IEC 27035-1:2016Information technology Security techniques Information security incident management Part 1: Principles of incident management 1 Scope This part of ISO/IEC 27035 is the foundation of this multipart International Standard. It presents basic concepts and phases of inform

    32、ation security incident management and combines these concepts with principles in a structured approach to detecting, reporting, assessing, and responding to incidents, and applying lessons learnt. The principles given in this part of ISO/IEC 27035 are generic and intended to be applicable to all or

    33、ganizations, regardless of type, size or nature. Organizations can adjust the guidance given in this part of ISO/IEC 27035 according to their type, size and nature of business in relation to the information security risk situation. This part of ISO/IEC 27035 is also applicable to external organizati

    34、ons providing information security incident management services. 2 Normative references The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, t

    35、he latest edition of the referenced document (including any amendments) applies. ISO/IEC 27000, Information technology Security techniques Information security management systems Overview and vocabulary ISO/IEC 27035-2, Information technology Security techniques Information security incident managem

    36、ent Part 2: Guidelines to plan and prepare for incident response 3 T erms a nd definiti ons For the purposes of this document, the terms and definitions given in ISO/IEC 27000 and the following apply. ISO and IEC maintain terminological databases for use in standardization at the following addresses

    37、: IEC Electropedia: available at http:/ /www.electropedia.org/ ISO Online browsing platform: available at http:/ /www.iso.org/obp 3.1 information security investigation application of examinations, analysis and interpretation to aid understanding of an information security incident (3.4) SOURCE: ISO

    38、/IEC 27042, 3.10, modified The phrase “an incident” was replaced by “an information security incident”. INTERNATIONAL ST ANDARD ISO/IEC 27035-1:2016(E) ISO/IEC 2016 All rights reserved 1BS ISO/IEC 27035-1:2016ISO/IEC 27035-1:2016(E) 3.2 incident response team IRT team of appropriately skilled and tr

    39、usted members of the organization that handles incidents during their lifecycle Note 1 to entry: CERT (Computer Emergency Response Team) and CSIRT (Computer Security Incident Response Team) are commonly used terms for IRT. 3.3 information security event occurrence indicating a possible breach of inf

    40、ormation security or failure of controls 3.4 information security incident one or multiple related and identified information security events (3.3) that can harm an organizations assets or compromise its operations 3.5 information security incident management exercise of a consistent and effective a

    41、pproach to the handling of information security incidents (3.4) 3.6 incident handling actions of detecting, reporting, assessing, responding to, dealing with, and learning from information security incidents (3.4) 3.7 incident response actions taken to mitigate or resolve an information security inc

    42、ident (3.4), including those taken to protect and restore the normal operational conditions of an information system and the information stored in it 3.8 point of contact PoC defined organizational function or role serving as the coordinator or focal point of information concerning incident manageme

    43、nt activities 4 Overview 4.1 Basic concepts and principles An information security event is an occurrence indicating a possible breach of information security or failure of controls. An information security incident is one or multiple related and identified information security events that meet esta

    44、blished criteria and can harm an organizations assets or compromise its operations. The occurrence of an information security event does not necessarily mean that an attack has been successful or that there are any implications on confidentiality, integrity or availability, i.e., not all information

    45、 security events are classified as information security incidents. Information security incidents can be deliberate (e.g. caused by malware or intentional breach of discipline) or accidental (e.g. caused by inadvertent human error or unavoidable acts of nature) and can be caused by technical (e.g. c

    46、omputer viruses) or non-technical (e.g. loss or theft of computers) means. Consequences can include the unauthorized disclosure, modification, destruction, or unavailability of information, or the damage or theft of organizational assets that contain information. Annex B provides descriptions of sel

    47、ected example information security incidents and their causes for informative purposes only. It is important to note that these examples are by no means exhaustive.2 ISO/IEC 2016 All rights reservedBS ISO/IEC 27035-1:2016ISO/IEC 27035-1:2016(E) A threat exploits vulnerabilities (weaknesses) in infor

    48、mation systems, services, or networks, causing the occurrence of information security events and thus potentially causing incidents to information assets exposed by the vulnerabilities. Figure 1 shows the relationship of objects in an information security incident. Figure 1 Relationship of objects i

    49、n an information security incident Information sharing and coordination with external IRTs is an important consideration. Many incidents cross organizational boundaries and cannot be easily resolved by a single IRT. Information sharing and coordination relationships or partnerships with external IRTs can greatly enhance the ability to respond to and resolve incidents. For further detail about information sharing, see ISO/IEC 27010. 4.


    注意事项

    本文(BS ISO IEC 27035-1-2016 Information technology Security techniques Information security incident management Principles of incident management《信息技术 安全技术 信息安全事件管理 事件管理原则》.pdf)为本站会员(ideacase155)主动上传,麦多课文档分享仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文档分享(点击联系客服),我们立即给予删除!




    关于我们 - 网站声明 - 网站地图 - 资源地图 - 友情链接 - 网站客服 - 联系我们

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1 

    收起
    展开