ISO/IEC 27035-1:2016 is the foundation of this multipart International Standard. It presents basic concepts and phases of information security incident management and combines these concepts with principles in a structured approach to detecting, reporting, assessing, and responding to incidents, and applying lessons learnt.
The principles given in ISO/IEC 27035-1:2016 are generic and intended to be applicable to all organisations, regardless of type, size or nature. Organisations can adjust the guidance given in ISO/IEC 27035-1:2016 according to their type, size and nature of business in relation to the information security risk situation. It is also applicable to external organisations providing information security incident management services.
Purchase and use of this product is governed by this EULA.