ISO/IEC 27035-2:20 23本文件提供了规划和准备事件响应以及从事件响应中吸取经验教训的指南。该指南基于ISO/IEC 27035-1:20 23、5.2和5.6中介绍的信息安全事件管理阶段模型的“计划和准备”和“吸取教训”阶段。 “计划和准备”阶段的要点包括: -信息安全事件管理政策及最高管理层的承诺； -在组织一级以及系统、服务和网络一级更新信息安全政策，包括与风险管理有关的政策； -资讯安全事故管理计划； -成立事故管理小组； -与内部和外部组织建立关系和联系；-技术和其他支助（包括组织和业务支助）； -资讯安全事件管理意识简报及培训。 “吸取教训”阶段包括: -确定需要改进的领域； -确定并作出必要的改进； -事件响应小组（IRT）评估。 本文件中给出的指导是通用的，旨在适用于所有组织，无论其类型、规模或性质如何。组织可以根据其与信息安全风险状况相关的业务类型、规模和性质调整本文档中给出的指导。本文件也适用于提供信息安全事件管理服务的外部组织。

ISO/IEC 27035-2:2023 This document provides guidelines to plan and prepare for incident response and to learn lessons from incident response. The guidelines are based on the “plan and prepare” and “learn lessons” phases of the information security incident management phases model presented in ISO/IEC 27035-1:2023, 5.2 and 5.6.
The major points within the “plan and prepare” phase include:
- information security incident management policy and commitment of top management;
- information security policies, including those relating to risk management, updated at both organizational level and system, service and network levels;
- information security incident management plan;
- Incident Management Team (IMT) establishment;
- establishing relationships and connections with internal and external organizations;
- technical and other support (including organizational and operational support);
- information security incident management awareness briefings and training.
The “learn lessons” phase includes:
- identifying areas for improvement;
- identifying and making necessary improvements;
- Incident Response Team (IRT) evaluation.
The guidance given in this document is generic and intended to be applicable to all organizations, regardless of type, size or nature. Organizations can adjust the guidance given in this document according to their type, size and nature of business in relation to the information security risk situation. This document is also applicable to external organizations providing information security incident management services.