
ISO/IEC 27035

Definition

An international standard for information security incident management. Part 1 covers principles and concepts; Part 2 covers planning and preparation. It defines a five-phase model and aligns with the broader ISO/IEC 27000 family of standards used in audit and certification contexts.

Related terms

CREST
A UK-based not-for-profit professional body that publishes practitioner-focused incident response guidelines and operates accreditation schemes for IR service providers. CREST guidance emphasises...
Framework blending
The practice of combining elements of multiple IR frameworks: for example, using NIST as the strategic backbone, SANS phase names in operational...
NIST SP 800-61
The US National Institute of Standards and Technology's Computer Security Incident Handling Guide. It defines a four-phase IR lifecycle: Preparation; Detection and...
Phase granularity
The number and specificity of discrete steps a framework defines within the IR lifecycle. Higher granularity, as in SANS PICERL's six steps...
SANS PICERL
A six-step incident response model developed through SANS Institute training: Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned. PICERL breaks NIST's combined response...

Explained in

  • Comparing Incident Response Frameworks
