www.ChineseStandard.net Database: 189759 (19 Oct 2025)

GB/T 20985.1-2017 English PDF

US$414.00 · In stock
Delivery: within 3 days. The full true-PDF copy in English will be manually translated and delivered by email.
GB/T 20985.1-2017: Information technology -- Security techniques -- Information security incident management -- Part 1: Principles of incident management
Status: Valid

Standard similar to GB/T 20985.1-2017

GB/T 20984   GB/T 21028   GB/T 20520   GB/T 20988   GB/T 20985.2   

Basic data

Standard ID GB/T 20985.1-2017 (GB/T20985.1-2017)
Description (Translated English) Information technology -- Security techniques -- Information security incident management -- Part 1: Principles of incident management
Sector / Industry National Standard (Recommended)
Classification of Chinese Standard L80
Classification of International Standard 35.040
Word Count Estimation 22,253
Date of Issue 2017-12-29
Date of Implementation 2018-07-01
Issuing agency(ies) General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China, Standardization Administration of the People's Republic of China

GB/T 20985.1-2017: Information technology -- Security techniques -- Information security incident management -- Part 1: Principles of incident management


This is a DRAFT version for illustration, not a final translation. The full true-PDF copy in English (including equations, symbols, images, flow charts, tables and figures) will be manually and carefully translated upon your order.
Information technology - Security techniques - Information security incident management - Part 1: Principles of incident management
ICS 35.040
L80
National Standard of the People's Republic of China
Replacing GB/Z 20985-2007
(ISO/IEC 27035-1:2016, IDT)
Issued 2017-12-29; implemented 2018-07-01
Issued by the General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China and the Standardization Administration of the People's Republic of China

Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Overview
4.1 Basic concepts and principles
4.2 Incident management objectives
4.3 Benefits of a structured approach
4.4 Adaptability
5 Phases
5.1 Overview
5.2 Planning and preparation
5.3 Detection and reporting
5.4 Assessment and decision
5.5 Response
5.6 Lessons learned
Appendix A (informative) Relationship to investigation standards
Appendix B (informative) Information security incidents and their causes
Appendix C (informative) Comparison table of ISO/IEC 27001 and ISO/IEC 27035
References

Foreword

GB/T 20985 "Information technology - Security techniques - Information security incident management" is divided into three parts:
--- Part 1: Principles of incident management;
--- Part 2: Guidelines to plan and prepare for incident response;
--- Part 3: Guidelines for incident response operations.
This part is Part 1 of GB/T 20985.
This part was drafted in accordance with the rules given in GB/T 1.1-2009.
This part replaces GB/Z 20985-2007 "Information technology - Security techniques - Information security incident management guide". Compared with GB/Z 20985-2007, the main technical changes are as follows:
--- Changed from a guiding technical document to a recommended national standard, and planned to be divided into three parts;
--- Deleted the term and definition "business continuity planning" (see 3.1 of the 2007 edition);
--- Added the terms and definitions "information security investigation", "information security incident management", "incident handling", "incident response" and "point of contact" (see 3.1, 3.5 to 3.8);
--- Changed the term "information security incident response team (ISIRT)" to "incident response team (IRT)" and modified its definition (see 3.2; 3.4 of the 2007 edition);
--- Modified the definitions of the terms "information security event" and "information security incident" (see 3.3 and 3.4; 3.2 of the 2007 edition);
--- Adjusted the four information security incident management processes "planning and preparation", "use", "review" and "improve" to the five information security incident management phases "planning and preparation", "detection and reporting", "assessment and decision", "response" and "lessons learned", and adjusted the corresponding content (see Chapter 5; 5.2 and Chapters 7 to 10 of the 2007 edition).
This part uses the translation method and is identical to ISO/IEC 27035-1:2016 "Information technology - Security techniques - Information security incident management - Part 1: Principles of incident management".
The documents of our country that are in conformity with the corresponding international documents that are normative references in this part are as follows:
--- GB/T 29246-2017 Information technology - Security techniques - Information security management systems - Overview and vocabulary (ISO/IEC 27000:2016, IDT)
This part was proposed by and is under the jurisdiction of the National Information Security Standardization Technical Committee (SAC/TC260).
Drafting organizations of this part: China Electronics Standardization Institute, CLP Great Wall Internet System Application Co., Ltd., China Information Security Research Institute Co., Ltd.
Main drafters of this part: Shangguan Xiaoli, Min Jinghua, Zhou Yichao, Xu Yuna, Cai Yiming.
The previous edition replaced by this part is:
--- GB/Z 20985-2007.

Introduction

About ISO/IEC 27035
Information security policies or controls alone cannot guarantee that information, information systems, services or networks are fully protected. Even after controls have been implemented, residual vulnerabilities are likely to remain; these reduce the effectiveness of information security, make information security incidents more likely to occur, and have potential direct and indirect negative effects on the organization's business operations. In addition, new threats that were not previously identified will inevitably occur. If the organization is not well prepared to handle such incidents, any response will be less effective and may negatively impact the business. It is therefore essential that any organization that is serious about information security carries out the following activities in a structured and planned manner:
--- detect, report and assess information security incidents;
--- respond to information security incidents, including activating appropriate controls to prevent and mitigate the impact and to recover from it;
--- report information security vulnerabilities so that they can be assessed and properly handled;
--- learn lessons from information security incidents and vulnerabilities, establish preventive controls and improve the overall approach to information security incident management.
To achieve this planned approach, the following parts of ISO/IEC 27035 provide guidance on information security incident management:
--- ISO/IEC 27035-1 gives the basic concepts and phases of information security incident management and how to improve incident management. This part combines these concepts with the principles of a structured approach to detecting, reporting, assessing and responding to incidents and to learning lessons.
--- ISO/IEC 27035-2 describes how to plan and prepare for incident response. It partially covers the "planning and preparation" and "lessons learned" phases of the incident management model given in ISO/IEC 27035-1.
Relationship with other standards
ISO/IEC 27035 is intended to complement other standards and documents that provide guidance on the investigation of, and preparation to investigate, information security incidents. ISO/IEC 27035 is not a comprehensive guide; rather, it is a reference to some of the basic principles intended to ensure that tools, techniques and methods appropriate to the intended purpose are selected. While ISO/IEC 27035 covers the management of information security incidents, it also covers some aspects of information security vulnerabilities. ISO/IEC 29147 and ISO/IEC 30111 provide guidance on vulnerability disclosure and on vendor vulnerability management respectively. ISO/IEC 27035 is also intended to provide guidance to decision makers who need to determine the reliability of digital evidence presented to them. It is applicable to organizations that need to protect, analyze and present potential digital evidence. Creating and evaluating procedures relating to digital evidence is a strategic decision for the organization, and such procedures are often part of a larger body of evidence-handling arrangements. See Appendix A for further information on the investigation-class standards.

Information technology - Security techniques - Information security incident management - Part 1: Principles of incident management

1 Scope

This part of GB/T 20985 presents the basic concepts and process phases of information security incident management, and combines these concepts with the principles of a structured approach to detecting, reporting, assessing and responding to incidents and to learning lessons. The incident management principles presented in this part are generic and apply to organizations of any type, size or nature. Organizations may adjust the guidance given in this part according to their type, size and nature and to the information security risks relevant to their situation. This part also applies to external organizations that provide information security incident management services.

2 Normative references

The following documents are indispensable for the application of this document. For dated references, only the dated edition applies to this document. For undated references, the latest edition (including all amendments) applies to this document.
ISO/IEC 27000 Information technology - Security techniques - Information security management systems - Overview and vocabulary
ISO/IEC 27035-2 Information technology - Security techniques - Information security incident management - Part 2: Guidelines to plan and prepare for incident response

3 Terms and definitions

For the purposes of this document, the terms and definitions given in ISO/IEC 27000 and the following apply.
3.1 information security investigation
Examination, analysis and interpretation to help understand an information security incident (3.4).
[ISO/IEC 27042, definition 3.10, modified: "incident" replaced with "information security incident"]
3.2 incident response team; IRT
A team of appropriately qualified and trusted members of the organization responsible for handling incidents throughout the incident life cycle.
Note: An IRT is also commonly referred to as a CERT (Computer Emergency Response Team) or a CSIRT (Computer Security Incident Response Team).
3.3 information security event
An occurrence indicating a possible breach of information security or a failure of controls.
3.4 information security incident
A single identified information security event or multiple identified information security events (3.3) that may harm the organization's assets or impair its operations.