|Title:||ISO/IEC TR 18044:2004 – Information technology -- Security techniques -- Information security incident management|
(Note: this is a reference to the ISO page where the standard can be acquired. However, the standard is not free of charge, and its provisions are not publicly available. For this reason, specific provisions cannot be quoted).
|Topic:||Technical Report (TR) containing generally accepted guidelines and general principles for information security incident management in an organization.|
|Direct / indirect relevance:||Direct. While not legally binding, the text contains direct guidelines for incident management.|
|Scope:||ISO TR that is not publicly available; its use is voluntary.|
|Legal force:||Nonbinding ISO TR.|
|Affected sectors:||Generic. The TR can be used in any sector confronted with information security incident management needs.|
|Relevant provision(s):||The TR is not free of charge, and its provisions are not publicly available. For this reason, specific provisions cannot be quoted.
Generally, the abstract describes the TR’s content as follows:
“ISO/IEC TR 18044:2004 provides advice and guidance on information security incident management for information security managers and for information system managers.
ISO/IEC TR 18044:2004 provides
• information on the benefits to be obtained from and the key issues associated with a good information security incident management approach (to convince senior corporate management and those personnel who will report to and receive feedback from a scheme that the scheme should be introduced and used);
• information on examples of information security incidents, and an insight into their possible causes;
• a description of the planning and documentation required to introduce a good structured information security incident management approach;
• a description of the information security incident management process*.
* Quick, co-ordinated and effective responses to an information security incident require extensive technical and procedural preparations. Information security incident responses may consist of immediate, short- and long-term actions. Any actions undertaken as the response to an incident should be based on previously developed, documented and accepted security incident response procedures and processes, including those for post-response analysis.”|
|Relevance to RM/RA:||The standard is a high-level resource introducing basic concepts and considerations in the field of incident response. As such, it is mostly useful as a catalyst for awareness-raising initiatives in this regard.|