ISO 27035 Information Security Incident Management Training

The ISO 27035 Information Security Incident Management course provides a structured approach to detecting, reporting, assessing, and responding to information security incidents. Based on ISO 27035, this course equips professionals with the tools to build a proactive incident response framework that minimises damage, ensures compliance, and supports business continuity. It is ideal for IT security teams, risk managers, and compliance professionals.

Key Topics Covered 

• Introduction to ISO 27035: Scope, structure, and principles of information security incident management 

• Incident Planning and Preparation: Establishing policies, roles, communication channels, and response strategies 

• Detection and Reporting: Identifying security incidents, logging events, and reporting processes 

• Response and Recovery: Analysing incidents, containing threats, and restoring operations 

Course Benefits 

• Minimised Downtime: Reduce response time and impact of cyber incidents  

• Compliance Support: Meet requirements for ISO 27001, GDPR, and other security standards 

• Preparedness and Resilience: Build an organisation-wide security response culture 

• Reputational Protection: Limit financial and brand damage through timely action

This course is ideal for professionals involved in cybersecurity, risk, compliance, or IT management, including: 

• Information Security Officers 

• Incident Response Team Members 

• Risk and Compliance Managers 

• IT Managers and System Administrators 

• Network and Security Analysts 

• Business Continuity Planners 

Module 1: Introduction

• Scope
• Normative References
• Terms and Definitions

Module 2: Overview

• Basic Concepts and Principles
• Objectives of Incident Management
• Benefits of a Structured Approach
• Adaptability
• Phases
• Examples of Information Security Incidents

Module 3: Incident Management Process

• Incident Logging
• Incident Categorisation
• Incident Prioritisation
• Incident Assignment
• Task Creation and Management
• SLA Management and Escalation
• Incident Resolution
• Incident Closure

Module 4: Plan and Prepare Phase

• Overview of Key Activities
• Information Security Incident Management Policy
• Information Security Incident Management Integration in Other Policies
• Information Security Incident Management Scheme
• Establishment of the ISIRT
• Technical and Other Support (Including Operational Support)
• Awareness and Training
• Scheme Testing

Module 5: Detection and Reporting Phase

• Overview of Key Activities
• Event Detection
• Event Reporting

Module 6: Assessment and Decision Phase

• Overview of Key Activities
• Assessment and Initial Decision by the PoC
• Assessment and Incident Confirmation by the ISIRT

Module 7: Responses Phase

• Overview of Key Activities
• Responses

Module 8: Lessons Learnt Phase

• Overview of Key Activities
• Further Information Security Forensic Analysis
• Identifying the Lessons Learnt
• Identifying and Making Improvements to Information Security
  • Control Implementation
  • Risk Assessment and Management Review Results
  • Incident Management Scheme
• Other Improvements

By the end of the course, learners will be able to: 

• Understand the ISO 27035 framework for managing information security incidents
• Establish incident response plans and reporting structures
• Detect and assess security events across digital environments
• Coordinate timely, effective containment and recovery
• Drive continual improvement in incident preparedness and resilience

To achieve the ISO 27035 Information Security Incident Management Certification, candidates will need to sit for an examination. The exam format is as follows:  

• Question Type: Multiple Choice  

• Total Questions: 30  

• Total Marks: 30 Marks  

• Pass Mark: 50%, or 15/30 Marks  

• Duration: 40 Minutes