Articles
>
ISO 27035

ISO 27035

ISO 27035 is also known asISO/IEC 27035. Why? Simply because it comes not only from the International Organization for Standardization (ISO), but also from the International Electrotechnical Commission (IEC). An internationally recognized framework for cybersecurity incident management, ISO 27035 is still less well known thanISO 27001 or 27002. And yet, it is crucially important!

June 7, 2024
Table of Contents
Discover how Tenacy structures your cybersecurity
Schedule a demo

What is ISO 27035?

ISO/IEC 27035 is an international standard that provides detailed guidelines to help organizations establish an effective incident management process. It covers all phases, from initial detection to closure and post-incident analysis.

This standard is therefore essential for any organization that wants to strengthen its resilience to internal and external information security threats—and what organization wouldn't want that?

What are the objectives of ISO 27035?
  1. Prevent cybersecurity incidents by identifying vulnerabilities and potential threats.
  2. Quickly detect security incidents by implementing effective monitoring systems and procedures.
  3. Respond appropriately (and quickly!) to incidents in order to minimize their impact.
  4. Recovering well after an incident means restoring normal operations as quickly as possible.
  5. Analyze and document incidents to continuously improve the incident management process—and, above all, prevent recurrences.

How is ISO 27035 structured?

ISO/IEC 27035 is structured in several parts, each addressing a different aspect of incident management.

#1 Introduction: Incident Management Principles and Processes

This section provides an overview of the key concepts and fundamental principles of information security incident management. It describes the general steps in the incident management process, from initial preparation to continuous improvement.

#2 Planning and preparation

This section focuses on implementing the tools and resources necessary for (effective) security incident management. It covers:

  • staff training and awareness-raising;
  • the establishment of policies and procedures;
  • the implementation of incident detection and response technologies.
#3 Incident detection and analysis

This section details the methods and tools to be used to detect and analyze security incidents. The text emphasizes one point: it is crucial to have effective monitoring systems AND well-defined processes in place to assess and classify incidents accurately and quickly.

#4 Incident response

This section of the text guides organizations in implementing corrective measures to contain, eradicate, and recover from an incident. It emphasizes the importance of coordination and communication, which are essential during the incident response process.

#5 Learning and continuous improvement

The standard encourages organizations to learn from each incident to strengthen their security posture. It recommends:

  • to document all incidents;
  • to conduct post-incident analyses;
  • adjust policies and procedures accordingly.

The importance of ISO 27035

Although ISO 27035 is (much) less well known than its cousins ISO 27001 and ISO 27002, it nonetheless offers numerous advantages:

  • reducing the impact of incidents (business disruptions, financial losses, etc.);
  • compliance with the numerous regulations requiring the implementation of incident management processes;
  • strengthening organizational resilience through effective incident management;
  • Continuous improvement – by analyzing and learning from each incident, organizations can constantly improve their security measures and reduce future risks.

To find out how Tenacy can help you manage your cyber incidents, contact our experts!

Other articles

You may be interested in

PCI-DSS: definition and explanations
Glossary
PCI DSS

The Payment Card Industry Data Security Standard (also known as PCI-DSS for short) is a set of security standards designed to ensure that all companies accepting, processing, storing, or transmitting credit card information maintain a secure environment.

August 30, 2024
SOC 2 standard and certification: definition
Compliance
Glossary
SOC 2

In today's cyber landscape, it is no longer enough to simply implement protection solutions. Compliance with standards and regulations has quickly become an essential factor in ensuring information security—and therefore user confidence.

Among these standards is SOC 2 (Service Organization Control 2). Less well known in France than in the US, it is nevertheless an essential reference framework for companies, including those in France. Let's take a closer look.

August 30, 2024
Military Programming Law (LPM): focus on cybersecurity
Glossary
LPM

The Military Programming Law (or LPM) is becoming increasingly well known in the world of cybersecurity —but not only there. This French legislation defines all of the priorities, objectives, and resources allocated to the armed forces for a given period. These objectives certainly concern the security of information systems, but they also relate to equipment, research efforts, and personnel.

However, it is the "cyber" aspect of this law that interests us here. Here is an overview of the requirements of the LPM in terms of IT security —and how to implement them.

June 7, 2024