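ISO/IEC 27035-4:2024 Information technology - Information security incident management - Part 4: Coordination

Standard number: ISO/IEC 27035-4:2024

Chinese title: 信息技术.信息安全事故管理.第4部分:协调

English title: Information technology - Information security incident management - Part 4: Coordination

Publication date: 2024-12-02

Scope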

This document provides guidelines for multiple organizations handling information security incidents in a coordinated manner. It also addresses the impacts of external cooperation on the internal incident management of an individual organization and provides guidelines for an individual organization to adapt to the coordination process. Furthermore, it provides guidelines for the coordination team, if it exists, to perform coordination activities supporting the cross-organization incident response.

The principles given in this document are generic and are intended to be applicable to multiple organizations to work together to handle information security incidents, regardless of their types, sizes or nature. Organizations can adjust the guidance given in this document according to their type, sizes and nature of business in relation to the information security risk situation. This document is also applicable to an individual organization that participates in partner relationships.
