Information Security Incident Management Standards and Guidance Documents

The number of information security incidents worldwide keeps growing, and they cause both large financial losses and damage to the reputation of the affected organizations. An information security management system that actually functions, together with compliance with the international information security standards, reduces the number of incidents and raises the security level of the organization as a whole. The main guidance documents on incident management are:

ISO/IEC 27001:2005 Information technology. Security techniques. Information security management systems. Requirements. It is one of the fundamental standards in this field. It specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system as a whole, and it includes the control objectives for the management of information security incidents (the implementation guidance for those controls is in ISO/IEC 27002). The 2005 edition cited here has since been superseded by ISO/IEC 27001:2013.

ISO/IEC TR 18044:2004 Information security incident management. This technical report is intended for the managers of information security, information systems, services and network units and gives recommendations for planning and operating the information security incident management process, for reviewing it, and for improving it.

ISO/IEC 27035:2011 Information technology — Security techniques — Information security incident management. The standard covers the processes for managing information security events, incidents and vulnerabilities and expands on the incident management section of ISO/IEC 27002. ISO/IEC 27035 updated and replaced ISO/IEC TR 18044; at the time of writing it is being revised and extended by splitting it into three parts, which are expected to be published in 2016.

CMU/SEI-2004-TR-015 Defining Incident Management Processes for CSIRTs: A Work in Progress. This report describes a process model for incident management (preparing, protecting the infrastructure, detecting events, triaging them and responding) as performed by a CSIRT (Computer Security Incident Response Team), the unit that provides information security incident prevention, management and response, and introduces criteria for evaluating how well a CSIRT performs those processes.

NIST SP 800-61 Computer Security Incident Handling Guide. The document is a comprehensive guide to information security incident management; it describes the phases of incident handling (preparation; detection and analysis; containment, eradication and recovery; post-incident activity) and different approaches to responding to incidents.

NIST SP 800-83 Guide to Malware Incident Prevention and Handling. It gives guidance on preventing and handling incidents related to malware infections of workstations and laptops.

NIST SP 800-86 Guide to Integrating Forensic Techniques into Incident Response. The document is a guide to applying forensic techniques (collecting, examining, analyzing and reporting on data) as part of the response to identified incidents.