This guiding technical document describes the management process of information security incidents. Provides guidance for planning and developing an information security incident management strategy and program. The relevant processes and procedures for managing information security incidents and carrying out follow-up work are given. This guiding technical document can be used to guide information security managers, information system, service and network managers on the management of information security incidents.
GB/Z 20985-2007 Referenced Document
GB/T 19716-2005 Information technology.Code of practice for information security management
GB/Z 20986-2007 Information security technology.Guidelines for the category and classification of information security incidents
ISO/IEC 13335-1:2004 Information technology - Security techniques - Management of information and communications technology security - Part 1: Concepts and models for information and communications technology security management
GB/Z 20985-2007 history
2017GB/T 20985.1-2017 Information technology - Security techniques - Information security incident management - Part 1: Principles of incident management
2007GB/Z 20985-2007 Information technology.Security techniques.Information security incident management guide
GB/Z 20985-2007 Information technology.Security techniques.Information security incident management guide was changed to GB/T 20985.1-2017 Information technology - Security techniques - Information security incident management - Part 1: Principles of incident management.