Iso/Iec 27035. Information Security Incident Management

Understand the 5-step process for managing information security incidents according to international standards

What you'll learn

The process for managing information security incidents

Best practices recommended by standards for handling incidents

How to plan and prepare for managing incidents

How to detect and assess information security events

How to analyze and classify information security incidents

What involves the response to information security incidents

What standards are available for information security management

Requirements

Familiarity with the ISO standards on information security management is helpful, but not mandatory

Description

Information security incidents have become a common occurrence in today's landscape, where every organization, regardless of its size or dependence on IT&C, can be the victim of an attack.Security controls and policies alone cannot guarantee a total protection of information, networks, systems or services, because  there will always be residual vulnerabilities that may be exploited by threats, leading to information security incidents. Furthermore, it is inevitable that new instances of previously unidentified threats cause incidents to occur.The consequences of an information security incident can go from minor disturbances to the regular operations, up to the collapse of the entire organization. The insufficient preparation to deal with incidents will make the response of the organization less effective and will increase the degree of potential adverse business consequences. Therefore, it is mandatory for each company to design and to implement a robust information security programme, with a key part of that programme dedicated to the handling of incidents.This course presents the guidelines for managing information security incidents provided by ISO/IEC 27035. This international standard proposes a process that includes 5 phases:- plan and prepare where plans and policies are developed, training and awareness are provided, the necessary resources are identified and made available, forms are established and organizational structures, such as the incident management team and the incident response team are set up;- detect and report, where information security events are identified, reported;- assess and decide, where incidents are categorized based on their impact on the organization and analyzed to determine the most suitable solutions for the response;- respond, where the incident is contained first, then eradicated and in the end the systems and services affected by the incident are recovered; and- learn lessons, where the organization uses the information collected while handling incidents to improve its process, its security controls and organizational processes.A section of the course is dedicated to each of the five steps of the incident management process and along the way there are examples and case studies to make your learning journey more useful and pleasant.By participating in this course you will understand the concepts and tools of incident management; you will learn about how to categorize and analyze information security incidents; you will improve your skills in the information security management field and you can confidently apply for a certification as incident manager.You can use the information in this course to design or to improve your company's processes for managing information security incidents. You can use the course as support for your consulting services or for auditing purposes. Or, you can use this course as a method to advance your career in information security management.

Overview

Section 1: Information security management and the ISO/IEC 27000 series of standards

Lecture 1 Introduction

Lecture 2 Information security management

Lecture 3 The ISO/IEC 27000 series of standards

Lecture 4 About ISO/IEC 27035

Section 2: Basic concepts and process for information security incident management

Lecture 5 Basic concepts

Lecture 6 Common types of attack

Lecture 7 Objectives for incident management

Lecture 8 Overview of the incident management process

Section 3: Plan and prepare

Lecture 9 Information security incident management policy

Lecture 10 Information security incident management plan (part 1)

Lecture 11 Information security incident management plan (part 2)

Lecture 12 Incident categorization

Lecture 13 Incident forms

Lecture 14 The incident management team (IMT)

Lecture 15 The incident response team (IRT)

Lecture 16 Establishing relationships

Lecture 17 Technical and other support

Lecture 18 Incident awareness and training

Lecture 19 Testing the information security incident management plan

Lecture 20 Considerations related to legal and regulatory requirements

Lecture 21 Recapitulation - Plan and prepare

Lecture 22 The Equifax data breach of 2017

Section 4: Detect and report

Lecture 23 Information security event detection

Lecture 24 Information security event reporting

Section 5: Assess and decide

Lecture 25 Incident triage

Lecture 26 Incident analysis (part 1)

Lecture 27 Incident analysis (part 2)

Section 6: Respond

Lecture 28 Incident containment

Lecture 29 Incident eradication and recovery

Lecture 30 Incident reporting

Section 7: Learn lessons

Lecture 31 Learn lessons and improve

Lecture 32 Recapitulation - detect, report, assess, respond and learn lessons

Lecture 33 The Target data breach of 2013

Lecture 34 Certification for information security incident management

Lecture 35 Thank you and good bye!

Information security incident managers,Information security managers,Information security auditors,Members of incident response teams (IRTs),IT managers,ISO consultants and auditors,Information security risk managers,IT system administrators,Individuals interested in information security management