ISO/IEC 27035. Information security incident management

ISO-IEC 27035. Information security incident management


Information security incidents have become a common occurrence in today’s landscape, where every organization, regardless of its size or dependence on IT&C, can be the victim of an attack.

Security controls and policies alone cannot guarantee a total protection of information, networks, systems or services, because  there will always be residual vulnerabilities that may be exploited by threats, leading to information security incidents. Furthermore, it is inevitable that new instances of previously unidentified threats cause incidents to occur.

The consequences of an information security incident can go from minor disturbances to the regular operations, up to the collapse of the entire organization. The insufficient preparation to deal with incidents will make the response of the organization less effective and will increase the degree of potential adverse business consequences.

Therefore, it is mandatory for each company to design and to implement a robust information security programme, with a key part of that programme dedicated to the handling of incidents.

This course presents the guidelines for managing information security incidents provided by ISO/IEC 27035.

This international standard proposes a process that includes 5 phases:

– plan and prepare where plans and policies are developed, training and awareness are provided, the necessary resources are identified and made available, forms are established and organizational structures, such as the incident management team and the incident response team are set up;

– detect and report, where information security events are identified, reported;

– assess and decide, where incidents are categorized based on their impact on the organization and analyzed to determine the most suitable solutions for the response;

– respond, where the incident is contained first, then eradicated and in the end the systems and services affected by the incident are recovered; and

– learn lessons, where the organization uses the information collected while handling incidents to improve its process, its security controls and organizational processes.

A section of the course is dedicated to each of the five steps of the incident management process and along the way there are examples and case studies to make your learning journey more useful and pleasant.

By participating in this course you will understand the concepts and tools of incident management; you will learn about how to categorize and analyze information security incidents; you will improve your skills in the information security management field and you can confidently apply for a certification as incident manager.

You can use the information in this course to design or to improve your company’s processes for managing information security incidents. You can use the course as support for your consulting services or for auditing purposes. Or, you can use this course as a method to advance your career in information security management.

Who this course is for:

  • Information security incident managers
  • Information security managers
  • Information security auditors
  • Members of incident response teams (IRTs)
  • IT managers
  • ISO consultants and auditors
  • Information security risk managers
  • IT system administrators
  • Individuals interested in information security management


  • Familiarity with the ISO standards on information security management is helpful, but not mandatory

Last Updated 1/2021

Download Links

Direct Download

ISO/IEC 27035. Information security incident (2.3 GB) | Mirror

Leave a Reply

Your email address will not be published. Required fields are marked *