ДСТУ ISO/IEC 27035-3:2024 Информационные технологии. Методы защиты. Управление инцидентами информационной безопасности. Часть 3. Руководство по реагированию на инциденты в сфере ИКТ (ISO/IEC 27035-3:2020, IDT...

ДСТУ ISO/IEC 27035-3:2024
(ISO/IEC 27035-3:2020, IDT)

Інформаційні технології. Методи захисту.
Керування інцидентами інформаційної
безпеки. Частина 3. Настанова щодо
реагування на інциденти у сфері ІКТ

 
   
 
 
     
Не є офіційним виданням.
Офіційне видання розповсюджує національний орган стандартизації
(ДП «УкрНДНЦ» http://uas.gov.ua)

Contents

Foreword

Introduction

1 Scope

2 Normative references

3 Terms and definitions

4 Abbreviated terms

5 Overview

5.1 General

5.2 Structure of this document

6 Common types of attacks

7 Incident detection operations

7.1 Point of contact

7.2 Monitoring and detection

7.3 Common ways detection is performed

8 Incident notification operations

8.1 Overview

8.2 Immediate incident notification

8.3 PoC structure

9 Incident triage operations

9.1 Overview

9.2 How triage is conducted

10 Incident analysis operations

10.1 Overview

10.2 Purpose of analysis

10.3 Intra-incident analysis

10.4 Inter-incident analysis

10.5 Analysis tools

10.6 Storing evidence and analysis results

11 Incident containment, eradication and recovery operations

11.1 Overview

11.2 Conducting the response for containment, eradication and recovery

11.3 Eradication

11.4 Recovery

12 Incident reporting operations

12.1 Overview

12.2 How to establish reporting

12.3 How to establish external reporting, if required

12.4 Information sharing

12.5 Other reporting considerations

12.6 Types of reports

12.7 Methods for storing reports and analysts' knowledge

Annex A (informative) Example of the incident criteria based on information security events and incidents

Bibliography