本文件为ICT安全运营中的信息安全事件响应提供了指导方针。本文首先从人员、流程和技术的角度介绍了ICT安全运营的运营方面。然后，它进一步关注ICT安全运营中的信息安全事件响应，包括信息安全事件检测、报告、分类、分析、响应、遏制、根除、恢复和结论。 本文件不涉及非ICT事件响应操作，如纸质文件的丢失。 本文件基于ISO/IEC 27035中提出的“信息安全事件管理阶段”模型的“检测和报告”阶段、“评估和决策”阶段和“响应”阶段？1:2016. 本文件中给出的原则是通用的，旨在适用于所有组织，无论其类型、规模或性质如何。组织可以根据其与信息安全风险情况相关的业务类型、规模和性质调整本文档中给出的规定。 本文件也适用于提供信息安全事件管理服务的外部组织。

This document gives guidelines for information security incident response in ICT security operations. This document does this by firstly covering the operational aspects in ICT security operations from a people, processes and technology perspective. It then further focuses on information security incident response in ICT security operations including information security incident detection, reporting, triage, analysis, response, containment, eradication, recovery and conclusion.
This document is not concerned with non-ICT incident response operations such as loss of paper-based documents.
This document is based on the "Detection and reporting" phase, the "Assessment and decision" phase and the "Responses" phase of the "Information security incident management phases" model presented in ISO/IEC 27035？1:2016.
The principles given in this document are generic and intended to be applicable to all organizations, regardless of type, size or nature. Organizations can adjust the provisions given in this document according to their type, size and nature of business in relation to the information security risk situation.
This document is also applicable to external organizations providing information security incident management services.