Standards and Best Practices in Digital and Multimedia Forensics Shujun LI , Mandeep K. Dhami and Anthony T. S. Ho Department of Computing and Surrey Centre for Cyber Security (sccs)

ISO/IEC 27035:2011 ‘Information security incident management’

Download 0,63 Mb.

Pdf ko'rish

bet	10/54
Sana	30.05.2023
Hajmi	0,63 Mb.
	#945953

1 ... 6 7 8 9 10 11 12 13 ... 54

Bog'liq
9781118640500.excerpt

2.3.1.2
ISO/IEC 27035:2011 ‘Information security incident management’
This international standard provides techniques for the management of security
incidents that are highly related to digital forensics, especially network forensics. It is
also part of the ISO/IEC 27000 series and relies on the terms and definitions in ISO/IEC
27000. The standard overviews basic concepts related to security incidents, and
describes the relationship between objects in an information security incident chain. It
states that there should be a well-structured and planned approach to handle security
incidents, and states the objectives of such an approach; which are beneficial for an
organization to plan and establish its own security incident management approach.
Moreover, it discusses the various benefits of having a structured approach. One of
the key benefits is strengthening evidence and rendering it forensically sound and
legally admissible. The standard also states that the guidance provided is extensive,
and some organizations may vary in the need to deal with all of the issues mentioned
depending on the size, nature of business conducted in the organization and complexity
of mechanisms implemented within the organization.
Five main phases are identified that should constitute any information security
incidence management. These are as follows:
1. Plan and prepare
2. Detection and reporting
3. Assessment and decision
4. Responses
5. Lessons learnt
The various procedures performed as part of the incident response to security incidents
should handle and store digital evidence in a way to preserve its integrity in case it is
later required for further investigation and legal prosecution.
The rest of the standard overviews key activities of each phase mentioned earlier.
Moreover, Annex A provides a cross-reference table of ISO/IEC 27001 versus
ISO/IEC 27035. Annex B provides examples of information security incidents and
possible causes, while Annex C gives examples of sample approaches to categorization
of security events and incidents. Annex D provides examples of incident and
vulnerability reports and forms, while Annex E deals with legal and regulatory aspects.

“c02” — 2015/6/19 — 20:53 — page 50 — #13
50
Handbook of Digital Forensics of Multimedia Data and Devices
This standard is to be split into three parts in future editions as currently planned
by ISO/IEC JTC 1/SC 27 (the expert group editing ISO/IEC 27000 series standards):
ISO/IEC 27035-1 ‘Principles of incident management’, ISO/IEC 27035-2 ‘Guidelines
to plan and prepare for incident response’, ISO/IEC 27035-3 ‘Guidelines for incident
response operations’. All the three parts are still in CD (committee draft) stage, so it
is still too early to introduce them in this chapter.

Download 0,63 Mb.

Do'stlaringiz bilan baham:

1 ... 6 7 8 9 10 11 12 13 ... 54