ISO/IEC DIS 27035-1

Description / Abstract: This part of ISO/IEC 27035 is the foundation of this multipart International Standard. It presents basic concepts and phases of information security incident management and combines these concepts with principles in a structured approach to detecting, reporting, assessing, and responding to incidents, and applying lessons learnt.

The principles given in this International Standard are generic and intended to be applicable to all organizations, regardless of type, size or nature. Organizations can adjust the guidance given in this International Standard according to their type, size and nature of business in relation to the information security risk situation. This International Standard is also applicable to external organizations providing information security incident management services.