Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Cyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035 - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Cyber Security Awareness Month - Day 24 - A Standard for Information Security Incident Management - ISO 27035

Rob covered ISO 27005 in his 17 OCT diary, which covers information security risk management. I believe as handlers for the Internet Storm Center we'd be remiss in failing to cover an incident response standard for Cyber Security Awareness Month. ISO 27035 fits the bill perfectly.

ISO/IEC 27035:2011 provides a structured and planned approach to:
1) detect, report and assess information security incidents
2) respond to and manage information security incidents
3) detect, assess and manage information security vulnerabilities
4) continuously improve information security and incident management as a result of managing information security incidents and vulnerabilities

This International Standard cancels and replaces 2004's ISO 18044.
In our Standard Operating Procedures, I provide direct pointers to ISO 27035 as well as NIST's SP 800-61 rev 2.
Aligning your security incident management program with these two documents lends well to meeting security incident management components for ISO and or PCI compliance. You'll definitely need to validate (with evidence) that your related activities meet muster for the audits, but with well written SOPs, documented processes, good case management, and regular drills and exercises (practice). Remember, actual incidents don't count as exercises. :-)  Conduct a drill-like activity on a quarterly basis if possible, report on it, and be sure to incorporate lessons learned.

"No battle plan survives contact with the enemy"...but you can definitely prepare.


Russ McRee | @holisticinfosec

Russ McRee

204 Posts
ISC Handler
Oct 24th 2012
You are still referring to the draft version of NIST SP 800-61 rev 2. The final version was released in August 2012 and can be found at

5 Posts
As Eisenhower said, "In preparing for battle, I have always found the plans are useless but planning is indispensable."

1 Posts

Sign Up for Free or Log In to start participating in the conversation!