    ISO/IEC 27035-1:2016
    Information security incident management – Part 1: Principles of incident management

    ISO/IEC 27035-1:2016 Information technology — Security techniques — Information security incident management — Part 1: Principles of incident management

    ISO/IEC 27035-1:2016 presents straightforward concepts and phases of information security incident management and combines these concepts with principles in a structured approach to detecting, reporting, assessing, and responding to incidents, and applying lessons learnt. The Standard also covers the processes for managing information security events, incidents and vulnerabilities.

    What is ISO/IEC 27035-1:2016?

    The Standard outlines the concepts and principles behind information security incident management. It defines an information security incident management process and suggests how to improve incident management:

    1. Plan and prepare: establish an information security incident management policy, form an Incident Response Team, etc.
    2. Detection and reporting: spot and report “events” that might be or turn into incidents.
    3. Assessment and decision: assess the situation to determine whether it is in fact an incident.
    4. Responses: contain, eliminate, recover from, and forensically analyse the incident, where appropriate.
    5. Lessons learnt: make methodical improvements to the organization’s management of information risks as a consequence of incidents experienced.

    Why does an Organisation need ISO/IEC 27035-1:2016?

    The principles given in this Standard are generic and intended to be applicable to all organizations, regardless of type, size, or nature. Organizations can adjust the guidance given in ISO/IEC 27035-1:2016 to suit their information security risk situation. It is also applicable to external organizations providing information security incident management services.

    To manage incidents effectively, detective and corrective controls are designed to recognize and respond to events and incidents, minimize adverse impacts, gather forensic evidence (where applicable) and, in due course, ‘learn the lessons’ by prompting improvements to the ISMS, typically by improving the preventive controls or other risk treatments.

    What are the Benefits of Implementing ISO/IEC 27035-1:2016?

    • Refining risk management,
    • Raising security awareness,
    • Creating security policies and procedures,
    • Improving information security,
    • Reducing business impacts,
    • Strengthening focus on prevention,
    • Prioritizing actions,
    • Improving the quality of evidence, and
    • Contributing to budget and resource justification.

    How do I implement ISO/IEC 27035-1:2016 in an organisation?

    ISO Consulting and Implementation:

    We have a range of professional Consultants, Engineers, and registered Auditors to assist in implementing and maintaining any ISO Management System. Our industry expertise includes services, telecommunication, manufacturing, construction, engineering services, fast-moving consumer goods, mining, power generation, state-owned companies, and government-run organisations.

    A good Consultant takes the time to truly understand the processes of your organisation and can therefore approach the implementation of ISO requirements accordingly. The cost of hiring a Consultant and the time spent to implement your ISO Management System will definitely pay off in the long run.

    WWISE has a 4-Phase Approach:

    • Phase 1: Gap Analysis Audit and Information Gathering
    • Phase 2: ISO Documentation, Risk Assessment, and Process Mapping
    • Phase 3: Implementation and Coaching
    • Phase 4: Certification

    WWISE provides a turnkey solution which includes templates, one-on-one coaching, on-the-job training, and mentorship. As a consulting firm, we do not provide certification services. However, we will guide you through the certification process and ensure that your organisation becomes certified.

    Why Choose WWISE to assist your organisation?

    An organisation can implement the Standard; however, because it is a guideline standard, the organisation cannot be certified against it.
