Control 5.26 helps organisations to ensure that internal and external personnel are fully engaged with published incident management processes and procedures (largely those created in Control 5.24), thereby maximising the possibility of a fast, effective resolution.
5.26 is a corrective control that modifies risk by ensuring that information security incidents are responded to through strict adherence to company procedures.
Control Type | Information Security Properties | Cybersecurity Concepts | Operational Capabilities | Security Domains |
---|---|---|---|---|
#Corrective | #Confidentiality #Integrity #Availability | #Recover #Respond | #Information Security Event Management | #Defence |
Ownership of Control 5.26 should reside with a member of the senior management team whose remit includes oversight of all incident management-related activities, such as a COO or Head of Service Delivery.
The owner should also be able to directly or indirectly manage the performance of personnel who are involved in the analysis and resolution of information security-related incidents, to drive performance management and eliminate errors.
Control 5.26 explicitly states that information security incidents should be dealt with by a dedicated team who holds the “required competency” to affect fast and thorough resolution of any incidents that come their way (see Control 5.24).
Control 5.26 outlines 10 main guidance points to ensure that incident management procedures are adhered to:
Supporting controls
27002:2022-5.26 replaces 27002:2013-16.1.5 (Response to information security incidents).
ISO 27002:2022-5.26 goes a few steps further than 27002:2013-16.1.5, with the addition of four key areas for consideration:
27002:2013-16.1.5 also makes reference to resuming “normal security level” as the primary goal of an incident response team in the early stages of an escalation. 27002:2022-5.26 makes no such reference, and instead focuses on the general need to contain threats.
The ISMS.online platform is a great tool to help you implement and manage an ISO 27002 Information Security Management System, regardless of your experience with the Standard.
Our system will guide you through the steps to successfully set up your ISMS and manage it going forward.
Get in touch today to book a demo.
I certainly would recommend ISMS.online, it makes setting up and managing your ISMS as easy as it can get.
ISO/IEC 27002:2022 Control Identifier | ISO/IEC 27002:2013 Control Identifier | Control Name |
---|---|---|
5.7 | New | Threat intelligence |
5.23 | New | Information security for use of cloud services |
5.30 | New | ICT readiness for business continuity |
7.4 | New | Physical security monitoring |
8.9 | New | Configuration management |
8.10 | New | Information deletion |
8.11 | New | Data masking |
8.12 | New | Data leakage prevention |
8.16 | New | Monitoring activities |
8.23 | New | Web filtering |
8.28 | New | Secure coding |
ISO/IEC 27002:2022 Control Identifier | ISO/IEC 27002:2013 Control Identifier | Control Name |
---|---|---|
6.1 | 07.1.1 | Screening |
6.2 | 07.1.2 | Terms and conditions of employment |
6.3 | 07.2.2 | Information security awareness, education and training |
6.4 | 07.2.3 | Disciplinary process |
6.5 | 07.3.1 | Responsibilities after termination or change of employment |
6.6 | 13.2.4 | Confidentiality or non-disclosure agreements |
6.7 | 06.2.2 | Remote working |
6.8 | 16.1.2, 16.1.3 | Information security event reporting |
ISO/IEC 27002:2022 Control Identifier | ISO/IEC 27002:2013 Control Identifier | Control Name |
---|---|---|
7.1 | 11.1.1 | Physical security perimeters |
7.2 | 11.1.2, 11.1.6 | Physical entry |
7.3 | 11.1.3 | Securing offices, rooms and facilities |
7.4 | New | Physical security monitoring |
7.5 | 11.1.4 | Protecting against physical and environmental threats |
7.6 | 11.1.5 | Working in secure areas |
7.7 | 11.2.9 | Clear desk and clear screen |
7.8 | 11.2.1 | Equipment siting and protection |
7.9 | 11.2.6 | Security of assets off-premises |
7.10 | 08.3.1, 08.3.2, 08.3.3, 11.2.5 | Storage media |
7.11 | 11.2.2 | Supporting utilities |
7.12 | 11.2.3 | Cabling security |
7.13 | 11.2.4 | Equipment maintenance |
7.14 | 11.2.7 | Secure disposal or re-use of equipment |