GB/T 20985.1-2017: Information technology -- Security techniques -- Information security incident management -- Part 1: Principles of incident management

Status: Valid
Basic data

Standard ID: GB/T 20985.1-2017 (GB/T20985.1-2017)
Description (Translated English): Information technology -- Security techniques -- Information security incident management -- Part 1: Principles of incident management
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.040
Word Count Estimation: 22,253
Date of Issue: 2017-12-29
Date of Implementation: 2018-07-01
Issuing agency(ies): General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China

This is a DRAFT version for illustration, not a final translation.

National Standard of the People's Republic of China
ICS 35.040
L80
Replacing GB/Z 20985-2007
Information technology - Security techniques - Information security incident management - Part 1: Principles of incident management
(ISO/IEC 27035-1:2016, IDT)
Issued 2017-12-29; implemented 2018-07-01
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the Standardization Administration of the People's Republic of China

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Overview
4.1 Basic concepts and principles
4.2 Incident management objectives
4.3 The benefits of a structured method
4.4 Adaptability
5 Phases
5.1 Overview
5.2 Planning and Preparation
5.3 Discovery and Reporting
5.4 Assessment and Decision-Making
5.5 Response
5.6 Experience Summary
Appendix A (informative) Relationship with the investigation standards
Appendix B (informative) Information security incidents and their causes
Appendix C (informative) Comparison table of ISO/IEC 27001 and ISO/IEC 27035
References

Foreword

GB/T 20985 "Information technology - Security techniques - Information security incident management" is divided into three parts:
--- Part 1: Principles of incident management;
--- Part 2: Incident response planning and preparation guide;
--- Part 3: Operational guidelines for incident response.

This part is Part 1 of GB/T 20985.

This part was drafted in accordance with the rules given in GB/T 1.1-2009.

This part replaces GB/Z 20985-2007 "Information technology - Security techniques - Information security incident management guide". Compared with GB/Z 20985-2007, the main technical changes are as follows.
--- Changed from a guiding technical document to a recommended national standard, which is intended to be divided into three parts;
--- Removed the term and definition "Business Continuity Planning" (see 3.1 of the 2007 version);
--- Added the terms and definitions "Information Security Investigation", "Information Security Incident Management", "Incident Handling", "Incident Response" and "Contact Point" (see 3.1, 3.5 ~ 3.8);
--- Changed the term "Information Security Incident Response Team (ISIRT)" to "Incident Response Team (IRT)" and modified its definition (see 3.2; 3.4 of the 2007 version);
--- Modified the definitions of the terms "information security events" and "information security incidents" (see 3.3 and 3.4, versions.2007 and 3.2);
--- Changed the four information security incident management processes "Planning and Preparation", "Use", "Review" and "Improve" to the five information security incident management phases "Planning and Preparation", "Discovery and Reporting", "Assessment and Decision-Making", "Response" and "Experience Summary", and adjusted the content accordingly (see Chapter 5; 5.2 and Chapters 7 to 10 of the 2007 edition).

This part is identical to ISO/IEC 27035-1:2016 "Information technology - Security techniques - Information security incident management - Part 1: Principles of incident management", using the translation method.

The Chinese documents that correspond to the international documents normatively referenced in this part are as follows:
--- GB/T 29246-2017 Information technology - Security techniques - Information security management systems - Overview and vocabulary (ISO/IEC 27000:2016, IDT)

This part was proposed by and is under the jurisdiction of the National Information Security Standardization Technical Committee (SAC/TC260).

Drafting organizations of this part: China Electronics Standardization Institute, CLP Great Wall Internet System Application Co., Ltd., China Information Security Research Institute Co., Ltd.

The main drafters of this part:
Shangguan Xiaoli, Min Jinghua, Zhou Yichao, Xu Yuna, Cai Yiming.

The previous editions replaced by this part are:
--- GB/Z 20985-2007.

Introduction

About ISO/IEC 27035

Information security policies or controls alone cannot guarantee that information, information systems, services or networks are fully protected. Even with controls in place, residual vulnerabilities may remain that reduce the effectiveness of information security and make information security incidents more likely to occur, with potential direct and indirect negative effects on the organization's business operations. In addition, new threats not previously identified will inevitably occur. If the organization is not well prepared to handle such incidents, any response will be less effective and the business may be negatively affected. It is therefore imperative that any organization expecting a strong information security plan carry out the following activities in a structured and planned manner:
--- Discover, report and evaluate information security incidents;
--- Respond to information security incidents, including initiating appropriate controls to prevent and mitigate the impact and to recover from it;
--- Report information security vulnerabilities so that they can be evaluated and properly addressed;
--- Learn lessons from information security incidents and vulnerabilities, build preventative controls and improve the overall information security incident management method.

To achieve this planned approach, the following parts of ISO/IEC 27035 provide guidance on information security incident management.
--- ISO/IEC 27035-1 gives the basic concepts and phases of information security incident management, and how to improve incident management. In this part, these concepts are combined with the principles of a structured approach to discovering, reporting, evaluating and responding to events and summarizing lessons learned.
--- ISO/IEC 27035-2 describes how to plan and prepare for incident response. This part covers the "Planning and Preparation" and "lessons learned" phases of the incident management model given in ISO/IEC 27035-1.

Relationship with other standards

ISO/IEC 27035 is intended to complement other standards and documents that provide guidance on the investigation of information security incidents and on preparing for such investigation. ISO/IEC 27035 is not a complete guide, but rather a reference to some basic principles designed to ensure that the appropriate tools, techniques and methods are selected for the desired purpose.

While ISO/IEC 27035 covers the management of information security incidents, it also covers some aspects of information security vulnerabilities. ISO/IEC 29147 and ISO/IEC 30111 provide guidance on vulnerability disclosure and vendor vulnerability management respectively.

ISO/IEC 27035 is also intended to provide guidance to decision makers who need to determine the reliability of the digital evidence presented to them. It is suitable for organizations that need to protect, analyze and present potential digital evidence. It is also relevant to policy-making bodies that create and evaluate procedures related to digital evidence, which are often part of a larger body of evidence.

Refer to Appendix A for further information on the investigation standards.

Information technology - Security techniques - Information security incident management - Part 1: Principles of incident management

1 Scope

This part of GB/T 20985 presents the basic concepts and phases of information security incident management, and combines these concepts with the principles of a structured approach to discovering, reporting, evaluating and responding to events and summarizing lessons learned.

The incident management principles presented in this part are generic and apply to organizations of any type, size or nature.
Organizations can adjust the guidance given in this part according to their type, size and nature of business in relation to their information security risk situation. This part also applies to external organizations that provide information security incident management services.

2 Normative references

The following documents are essential for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest edition (including all amendments) applies to this document.

ISO/IEC 27000 Information technology - Security techniques - Information security management systems - Overview and vocabulary

ISO/IEC 27035-2 Information technology - Security techniques - Information security incident management - Part 2: Guidelines to plan and prepare for incident response

3 Terms and definitions

The terms and definitions given in ISO/IEC 27000 and the following apply to this document.

3.1 Information security investigation
Inspections, analyses and interpretations that help in understanding information security incidents (3.4).
[ISO/IEC 27042, definition 3.10, modified. Replace "event" with "information security event"]

3.2 Incident response team (IRT)
A team of appropriately qualified and trusted members of the organization responsible for handling incidents throughout the incident life cycle.
Note: IRT is commonly referred to as CERT (Computer Emergency Response Team) and CSIRT (Computer Security Incident Response Team).

3.3 Information security event
An occurrence that indicates a possible information security violation or the failure of some control.
3.4 Information security incident
Single or multiple identified information security events (3.3) that may be harmful to the organization's assets or impair its operations.

......