Security Incident Management according to ISO 27001
I am wondering if anyone out there has implemented or tried to implement security incident management aligned to either ISO 27001 or ISO 27035.
I am wondering if you can share your experiences on the following:
1. challenges in adopting the Standard definitions and applying real-life examples
2. dilemma of: possibility of seeing almost all events or incidents as security incidents and what did you do to overcome it
3. did you standardise and refine your infosec incident management by spelling out what incidents will you be targeting and what you won't
You must sign in to rate content.
You must login to leave a comment.