Guest user Created: Mar 03, 2017 Last commented: Mar 03, 2017

ISO 27035 and incident management

ISO 27035 is about incident response, but given that part 3 (which covers operations) hasn’t been published yet, is there much useful overlap? Does part 2 overlap with any of ISO 27001, or is a company better off not worrying about 27035 for the moment?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Mar 03, 2017

Answer: You can see ISO 27035 parts 1 and 2 as an additional deepening of the ISO 27002 recommendations regarding incident management (section 13), while part 3 will cover the effective incident response. So, these parts can be used regardless the publication of part 3

If you already have an implemented incident management process that fulfils your objectives, using the ISO 27035 parts 1 and 2 is optional, as a source of possible improvement opportunities. If you are in the process of implementing an incident management process ISO 27035 parts 1 and 2 can provide more recommendations than ISO 27002.

This article will provide you further explanation about incident management:
- ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/

These materials wi ll also help you regarding incident management:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Mar 03, 2017

Expert Advice Community