ISO/IEC 27035: Introduction
The ISO/IEC 27035: Introduction course provides a structured overview of information security incident management based on ISO/IEC 27035, the international standard that offers guidance for planning, establishing, operating, and improving incident management processes. ISO/IEC 27035 is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It supports organizations in responding to information security incidents in a systematic, coordinated, and effective manner, and aligns closely with ISO/IEC 27001 requirements for incident response and continual improvement. This introductory course is designed to build foundational understanding of incident management concepts, terminology, roles, and processes. It is suitable for professionals who support Information Security Management Systems (ISMS), cybersecurity operations, governance, risk, compliance, and audit functions. Course Objectives By the end of this course, participants will be able to: Understand the purpose and scope of ISO/IEC 27035 Explain core information security incident management concepts Describe the incident management lifecycle Recognize roles and responsibilities in incident management Understand how incident management supports an ISMS
Course Curriculum
1
- What is an information security incident?
- Events vs incidents
- Types of information security incidents
- Business and operational impact of incidents
2
- Purpose and scope of ISO/IEC 27035
- Intended users of the standard
- Benefits of applying ISO/IEC 27035
- Relationship with ISO/IEC 27001 and ISO/IEC 27002
3
- Structured and coordinated response
- Timeliness and effectiveness
- Communication and escalation
- Continual improvement
4
- Planning and preparation
- Detection and reporting
- Assessment and decision-making
- Response and recovery
- Lessons learned
5
- Sources of incident detection
- Internal and external reporting mechanisms
- Incident logging and tracking
- Initial triage and escalation
6
- Incident severity and impact assessment
- Prioritization criteria
- Stakeholder involvement
- Decision-making processes
7
- Incident response roles and teams
- Responsibilities during incidents
- Internal and external communication
- Coordination with management and stakeholders
8
- Supporting ISO/IEC 27001 requirements
- Linking incidents to risk management
- Input to corrective actions and improvement
- Supporting audits and management review
9
- Typical incident management pitfalls
- Ensuring consistency and readiness
- Documentation and evidence handling
- Building incident response awareness
10
- Information security and IT professionals
- ISMS implementers and coordinators
- Risk, compliance, and governance staff
- Internal auditors and consultants
- Professionals new to incident management
11
- No formal prerequisites
- Basic understanding of information security concepts is beneficial
This course includes
- 11+ Activity Modules
- 40 hours + lessons
- Lifetime access
- Certificate of completion
- Available on desktop and mobile
Some of Our Partners
