标准摘要
[中文适用范围]: 本文件为信息通信技术(ICT)安全运营中的信息安全事件响应提供了指导原则。文件首先从人员、流程和技术的角度,概述了 ICT 安全运营的运作层面;随后聚焦于信息安全事件响应,涵盖事件检测、报告、分级、分析、响应、遏制、根除、恢复及结案等关键环节。本文件不涉及非 ICT 相关的事件响应,例如纸质文档丢失等情况。 本文件基于 ISO/IEC 27035-1:2016 标准中“信息安全事件管理阶段”模型的“检测与报告”“评估与决策”以及“响应”阶段。文中所述原则具有一般性,适用于各类组织,无论其类型、规模或性质如何。组织可根据自身业务类型、规模及性质,结合信息安全风险状况,对本文件规定进行适当调整。此外,本文件亦适用于提供信息安全事件管理服务的外部组织。 [外文原描述]: This document gives guidelines for information security incident response in ICT security operations. This document does this by firstly covering the operational aspects in ICT security operations from a people, processes and technology perspective. It then further focuses on information security incident response in ICT security operations including information security incident detection, reporting, triage, analysis, response, containment, eradication, recovery and conclusion. This document is not concerned with non-ICT incident response operations such as loss of paper-based documents. This document is based on the "Detection and reporting" phase, the "Assessment and decision" phase and the "Responses" phase of the "Information security incident management phases" model presented in ISO/IEC 27035‑1:2016. The principles given in this document are generic and intended to be applicable to all organizations, regardless of type, size or nature. Organizations can adjust the provisions given in this document according to their type, size and nature of business in relation to the information security risk situation. This document is also applicable to external organizations providing information security incident management services.
英文名称Information technology - Information security incident management - Part 3: Guidelines for ICT incident response operations