标准编号:ISO/IEC TR 18044:2004
中文名称:信息技术 安全技术 数据安全事项管理
英文名称:Information technology — Security techniques — Information security incident management
发布日期:2004-10
标准范围
This Type 3 Technical Report (TR) provides advice and guidance on information security incident management forinformation security managers, and information system, service and network managers.This TR contains 11 clauses and is organized in the following manner. Clause 1 describes the scope and is followed by alist of references in Clause 2 and terms and definitions in Clause 3. Clause 4 provides some background to informationsecurity incident management, and that is followed by a summary of the benefits and key issues in Clause 5. Examples ofinformation security incidents and their causes are then provided in Clause 6. The planning and preparation forinformation security incident management, including document production, is then described in Clause 7. Theoperational use of the information security incident management scheme is described in Clause 8. The review phase ofinformation security management, including the identification of lessons learnt and improvements to security and theinformation security incident management scheme, is described in Clause 9. The improvement phase, i.e. makingidentified improvements to security and the information security incident management scheme, is described in Clause 10.Finally, the TR concludes with a short summary in Clause 11. Annex A contains example information security event andincident report forms, and Annex B contains some example outline guidelines for assessing the adverse consequences ofinformation security incidents, for inclusion in the reporting forms. The Annexes are followed by the Bibliography.
标准预览图
立即下载标准文件