
Implementation of a Comprehensive Incident Management Policy and ISO/IEC 27035 Compliance


BLYTH’S BOOKS INCIDENT SECURITY MANAGEMENT POLICY AND THE ISO/IEC 27035
The ISO/IEC 27035 standard sets out accepted good practice for information security incident management and gives guidance on how an organisation should plan for, detect, report, assess, respond to and learn from information security incidents. It is intended as a guide for organisations, including those still establishing their security function, in developing and implementing their incident management policies and procedures. Implementing the standard improves an organisation’s ability to handle information security incidents adequately and reduces the negative effects such incidents have, directly or indirectly, on its business operations. The standard proposes five phases that organisations are encouraged to adopt in preparing for and dealing with information security incidents: plan and prepare, detection and reporting, assessment and decision, responses, and lessons learnt.
Blyth’s Books’ information security incident management policy needs to reflect the activities advised in each of these five phases in order to be ISO/IEC 27035 compliant.
PLAN AND PREPARE
The plan and prepare phase is quite broad. It comprises the establishment of a comprehensive incident management structure, the formation of an Information Security Incident Response Team (ISIRT), raising awareness of the incident management structure across the organisation, and the testing of that structure. Blyth’s Books should include in their incident management policy a more comprehensive review of the vulnerabilities that are presently associated with their
