According to ISO/IEC 27001, what else must an incident management process include?

An organization's incident management process enables it to prepare for and respond to information security incidents. In addition, the organization has procedures in place for assessing information security events and deciding whether they are to be classified as incidents.

According to ISO/IEC 27001, what else must an incident management process include?

A. Processes for using knowledge gained from information security incidents

B. Establishment of two information security incident response teams

C. Processes for handling information security incidents of suppliers as defined in their agreements

Answer: A

Explanation:

According to ISO/IEC 27001, an incident management process must include processes for using the knowledge gained from information security incidents to reduce the likelihood or impact of future incidents and to strengthen the organization's information security controls (Annex A control 5.27, Learning from information security incidents, in the 2022 edition; A.16.1.6 in the 2013 edition). In practice this means the organization conducts a root cause analysis of each incident, identifies the lessons learned, and implements corrective actions to prevent recurrence or mitigate consequences, in line with the corrective action requirements of clause 10.2. The organization should also document and communicate the results of the incident management process to relevant stakeholders and update the risk assessment and risk treatment plan accordingly. Options B and C are incorrect because the standard does not prescribe a particular number of incident response teams, and handling of suppliers' incidents is governed by the terms of the individual supplier agreements rather than being a mandatory element of every incident management process.

Reference: ISO/IEC 27001:2022 Lead Implementer study guide and documents, specifically:

ISO/IEC 27001:2022, clause 10.2 Nonconformity and corrective action

ISO/IEC 27001:2022, Annex A controls 5.24 to 5.28 Information security incident management, in particular 5.27 Learning from information security incidents (ISO/IEC 27001:2013, Annex A.16 Information security incident management)

ISO/IEC TS 27022:2021, clause 7.5.3.16 Information security incident management process

PECB ISO/IEC 27001 Lead Implementer Course, Module 9: Incident Management
