GB/T 20985.2-2020 (English translation)
Information technology - Security techniques - Information security incident management - Part 2: Guidelines to plan and prepare for incident response
Status: Valid

Basic data
Standard ID: GB/T 20985.2-2020 (GB/T20985.2-2020)
Description (translated English): Information technology - Security techniques - Information security incident management - Part 2: Guidelines to plan and prepare for incident response
Sector / Industry: National Standard (Recommended)
Classification of Chinese Standard: L80
Classification of International Standard: 35.040
Word count estimation: 50,568
Date of issue: 2020-12-14
Date of implementation: 2021-07-01
Adopted standard: ISO/IEC 27035-2:2016, MOD
Regulation (derived from): National Standard Announcement No. 28 of 2020
Issuing agencies: State Administration for Market Regulation; China National Standardization Administration

The translation below is a draft version for illustration, not the final translation.
ICS 35.040
L80
National Standard of the People's Republic of China
Information technology - Security techniques - Information security incident management - Part 2: Incident response planning and preparation guide
(ISO/IEC 27035-2:2016, MOD)
Issued 2020-12-14; implemented 2021-07-01
Issued by the State Administration for Market Regulation and the National Standardization Management Committee

Table of contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions, abbreviations
3.1 Terms and definitions
3.2 Abbreviations
4 Information security incident management strategy
4.1 Overview
4.2 Stakeholders
4.3 Information security incident management strategy content
5 Information security policy update
5.1 Overview
5.2 Association of policy documents
6 Develop an information security incident management plan
6.1 Overview
6.2 Establish an information security incident management plan based on consensus
6.3 Participants
6.4 Information security incident management plan content
6.5 Event classification scale
6.6 Event form
6.7 Processes and procedures
6.8 Trust and confidence
6.9 Handling of confidential or sensitive information
7 Establish an incident response team
7.1 Overview
7.2 Incident response team types and roles
7.3 Incident response team staff
8 Build relationships with other organizations
8.1 Overview
8.2 Relationship with other departments of the organization
8.3 Relations with external stakeholders
9 Establish technical and other support
9.1 Overview
9.2 Examples of technical support
9.3 Other support examples
10 Establish information security incident awareness and training
11 Testing the information security incident management plan
11.1 Overview
11.2 Walkthrough
11.3 Incident response capability monitoring
12 Summary of experience
12.1 Overview
12.2 Identifying lessons learned
12.3 Identify and implement improvements in information security control measures
12.4 Identify and implement improvements from information security risk assessment and management review results
12.5 Identify and implement improvements to the information security incident management plan
12.6 Incident response team evaluation
12.7 Other improvements
Appendix A (informative) Legal aspects
Appendix B (informative) Information security situation, incident and vulnerability reports and example forms
Appendix C (informative) Examples of information security events and event classification methods
References

Foreword
GB/T 20985 "Information technology - Security techniques - Information security incident management" is divided into the following parts:
---Part 1: Principles of incident management;
---Part 2: Incident response planning and preparation guide.
This part is Part 2 of GB/T 20985.
This part was drafted in accordance with the rules given in GB/T 1.1-2009.
This part uses the redrafting method to adopt, with modifications, ISO/IEC 27035-2:2016 "Information technology - Security techniques - Information security incident management - Part 2: Guidelines to plan and prepare for incident response".
The technical differences between this part and ISO/IEC 27035-2:2016, and the reasons for them, are as follows:
---Regarding normative references, this part has made adjustments with technical differences to adapt to China's technical conditions. The adjustments are collectively reflected in Chapter 2 "Normative references"; the specific adjustment is as follows:
● ISO/IEC 27000 is replaced by GB/T 29246-2017, which identically adopts that international standard;
---The Scope chapter adds the purpose and main points of the "experience summary" stage (see Chapter 1).
This part also made the following editorial changes:
---Added the abbreviations "ICT" and "UTC" (see 3.2);
---Added the informative reference GB/Z 20986-2007 (see the Note to 6.4 and the Note to 6.5);
---Changed the footnote in B.3.2 to a note (see B.3.2);
---Added the references ISO 22301 and ISO 22313 (see References).
Please note that certain contents of this document may involve patents. The issuing agency of this document is not responsible for identifying these patents.
This part is proposed by and under the jurisdiction of the National Information Security Standardization Technical Committee (SAC/TC260).
Drafting organizations of this part: CLP Great Wall Internet System Application Co., Ltd., CLP Data Service Co., Ltd., China Electronic Technology Standardization Research Institute, National Computer Network Emergency Technology Coordination Center, Beijing Qihoo Technology Co., Ltd., Third Research Institute of the Ministry of Public Security, National Information Center, Xi'an Dingdu Network Technology Co., Ltd., Shaanxi Province Network and Information Security Evaluation Center, Beijing Jiangnan Tianan Technology Co., Ltd.
Main drafters of this part: Min Jinghua, Zhou Yachao, Wang Huilai, Shangguan Xiaoli, Shu Min, Chen Yue, Zhang Yi, Wang Yanhui, Chen Changsong, Du Jiaying, Liu Bei, Li Yi, Wei Yufeng, Chen Guanzhi.

Introduction
GB/T 20985 is an extension of the Information Security Management System (ISMS) series of standards, focusing on information security incident management; GB/T 22080-2016 identifies it as one of the key success factors of an information security management system. There may be a large gap between an organization's incident plan and the organization's belief that it is prepared for an incident. Therefore, this part of GB/T 20985 provides guidance to enhance the organization's confidence in its actual preparation for information security incident response. To this end, this part focuses on incident management strategies and plans, and on how to establish an incident response team and continuously improve its effectiveness through experience summaries and evaluations.

Information technology - Security techniques - Information security incident management - Part 2: Incident response planning and preparation guide

1 Scope
This part of GB/T 20985 provides guidelines for planning and preparing for incident response, and for summarizing experience and making improvements afterwards, based on the "planning and preparation" stage and the "experience summary" stage of the information security incident management phase model given in GB/T 20985.1-2017.
The main points of the "planning and preparation" stage include:
---information security incident management strategy and top management's commitment;
---information security policies that need to be updated at the corporate level as well as at the system, service and network levels, including the information security strategy related to risk management;
---information security incident management plan;
---establishment of the Incident Response Team (IRT);
---establishing relationships and contacts with internal and external organizations;
---technical and other (including organizational and operational) support;
---awareness education and training on information security incident management;
---testing of the information security incident management plan.
The main points of the "experience summary" stage include:
---summary of experience and lessons;
---summary and improvement of information security;
---summary and improvement of information security risk assessment and management review results;
---summary and improvement of the information security incident management plan;
---IRT performance and effectiveness evaluation.
The principles given in this part are general and applicable to organizations of any type, size or nature. Organizations can adjust the guidelines given in this part according to their business type, scale and nature and their related information security risk status. This part also applies to external organizations that provide information security incident management services.

2 Normative references
The following documents are indispensable for the application of this document. For dated references, only the dated version applies to this document. For undated references, the latest version (including all amendments) applies to this document.
GB/T 20985.1-2017 Information technology - Security techniques - Information security incident management - Part 1: Principles of incident management (ISO/IEC 27035-1:2016, IDT)
GB/T 29246-2017 Information technology - Security techniques - Information security management systems - Overview and vocabulary (ISO/IEC 27000:2016, IDT)

3 Terms and definitions, abbreviations
3.1 Terms and definitions
The following terms and definitions defined in GB/T 29246-2017 and GB/T 20985.1-2017 apply to this document.
......