Comprehensive and Detailed Explanation From Exact Extract:
ISO/IEC 27035-2:2016 is titled “Information security incident management — Part 2: Guidelines to plan and prepare for incident response.” This document provides detailed guidance on establishing an incident response capability, planning for incident response, and implementing effective response actions. It also emphasizes the importance of post-incident analysis and lessons learned to improve future incident handling.
Key activities covered in ISO/IEC 27035-2 include:
* Planning and preparing for incident handling (e.g., policy development, roles and responsibilities)
* Establishing and training the incident response team (IRT)
* Developing communication strategies and escalation procedures
* Conducting root cause analysis and collecting lessons learned
* Applying improvements to prevent recurrence
By contrast:
* ISO/IEC 27035-1 provides the high-level principles of incident management (Part 1: Principles of incident management).
* ISO/IEC 27037 covers the handling of digital evidence (identification, collection, acquisition and preservation) and is focused on forensic practice rather than on incident response preparation.
Reference Extracts:
* ISO/IEC 27035-2:2016, Introduction: “This part provides guidance on the planning and preparation necessary for effective incident response and for learning lessons from incidents.”
* ISO/IEC 27035-2:2016, Clause 6.5: “Lessons learned and reporting can help improve future incident response and provide input to risk assessments and control improvements.”