INTERNATIONAL STANDARD ISO/IEC 27035-1
Second edition 2023-02

Information technology - Information security incident management - Part 1: Principles and process

Reference number ISO/IEC 27035-1:2023(E)

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
3.2 Abbreviated terms
4 Overview
4.1 Basic concepts
4.2 Objectives of incident management
4.3 Adaptability
4.4 Structured approach
4.5 Capability
4.5.1 General
4.5.2 [illegible] structure
4.6 Communication
4.7 Documentation
4.7.2 [illegible]
4.7.3 Incident management log
4.7.4 Incident report
5 Process
5.1 Overview
5.2 Plan and prepare
5.3 Detect and report
5.5 [illegible]
5.6 Learn lessons
Annex A (informative) Relationship to investigative standards
Annex B (informative) Examples of information security incidents and their causes
Annex C (informative) Cross-reference table of ISO/IEC 27001 to the ISO/IEC 27035 series
Annex D (informative) [illegible]
Bibliography

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) [illegible] through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.

The procedures used to develop this document and those intended for its further maintenance are [illegible]. [illegible] ISO/IEC Directives, Part 2 (see www.iso.org/directives or www.iec.ch/members_experts/refdocs).

[illegible] standards (see www.iec.ch/national-committees).

ISO/IEC 2023 - All rights reserved

[illegible] subject of patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC list of patent declarations received (see https://patents.iec.ch).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

[illegible] World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html. In the IEC, see www.iec.ch/understanding-standards.

[illegible] Subcommittee SC [illegible] of ISO/IEC [illegible], Information technology.

This second edition cancels and replaces the first edition (ISO/IEC 27035-1:2016), which has been technically revised. The main changes are as follows:

- the title has been modified;
- new terms "incident management team" and "incident coordinator" are defined in Clause 3;
- new subclauses [illegible], 4.4 and 4.7 are added in Clause 4;
- the title of Clause 5 has been changed to "Process";
- a new Annex D has been added;
- the text has been editorially revised.

A list of all parts in the ISO/IEC 27035 series can be found on the ISO and IEC websites.

B.3 Information gathering

In general terms, the information gathering category of incidents includes those activities associated with [illegible], and with [illegible] running on those targets. This type [illegible] the existence of a target, and to understand the network physical or logical topology (e.g. IT network, facility, organisational structure) surrounding it, and with whom the target routinely communicates; [illegible] potential vulnerabilities in the target or its immediate environment that can be exploited.

Typical examples of information gathering by technical means include the following:

- reconnaissance and identification of a victim's online infrastructure by performing searches on known domain names or IP addresses, or by analysing passive DNS information;
- pinging network addresses to find systems that are alive;
- probing the system to identify (e.g. fingerprint) the host operating system;
- [illegible] network services (e.g. e-mail, File [illegible]);
- scanning for one or more known vulnerable services across a network address range (horizontal scanning).

In some cases, technical information gathering extends into unauthorized access if, for example, as part of searching for vulnerabilities, the attacker also attempts to gain unauthorized access. This commonly [illegible] systems, the services [illegible] networks [illegible] also automatically attempt to [illegible] vulnerabilities found.

Information gathering incidents caused by non-technical means, resulting in:

- direct or indirect disclosure or modification of information;
- theft of intellectual property stored electronically;
- breaches of accountability, e.g. in account logging;
- misuse of information systems (e.g. contrary to law or organization policy).

Information gathering incidents can be caused, for example, by:

- breaches of physical security arrangements resulting in unauthorized access to information, and theft of data storage equipment that con