Hi All,
ISO/IEC just published ISO/IEC 27035-1:2023, Information technology - Information security incident management - Part 1: Principles and process
This document is the foundation of the ISO/IEC 27035 series. It presents basic concepts, principles, and processes with key information security incident management activities, which provide a structured approach to preparing for, detecting, reporting, assessing, and responding to incidents, and applying lessons learned.
The guidance on the information security incident management process and its key activities are given in this document are generic and intended to apply to all organizations, regardless of type, size, or nature. Organizations can adjust the guidance according to their type, size, and nature of business in relation to the information security risk situation. This document also applies to external organizations providing information security incident management services.
This document can be previewed here: https://www.iso.org/obp/ui/#!iso:std:78973:en
This document can be purchased here: https://www.iso.org/standard/78973.html
------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA
------------------------------