British Standards contain the combined knowledge of experienced UK subject experts, often working together with their international colleagues in an open, consensus-based process.
Below are descriptions of these standards and some other relevant publications that are available from BSI or other organizations:
Standard number/name | Description/Benefits | Published by |
--- | --- | --- |
BS ISO/IEC 27002 Code of practice for information security controls | BS ISO/IEC 27002 covers managing security incidents and wider business continuity issues, as well as backing up data. | BSI |
BS ISO/IEC 27035 Information security incident management | BS ISO/IEC 27035 covers incident management in detail. A new version is under development which will have three separate parts. ISO/IEC 27035-1 will deal with principles; ISO/IEC 27035-2 will explain planning in advance of incidents; while ISO/IEC 27035-3 will deal with incident response. | BSI |
SP 800-61, Computer Security Incident Handling Guide | Also worth a read is the US National Institute of Standards and Technology Special Publication SP 800-61, Computer Security Incident Handling Guide. | US National Institute of Standards and Technology |
BS ISO/IEC 27037 Guidelines for identification, collection, acquisition, and preservation of digital evidence | BS ISO/IEC 27037 explains how to deal with malicious online activity. | BSI |
ACPO Good Practice Guide for Digital Evidence | An alternative source of advice is the ACPO Good Practice Guide for Digital Evidence, which is published by the Association of Chief Police Officers. | Association of Chief Police Officers |
BS ISO 22301 Business continuity management systems requirements | Planning for cyber incidents is part of the wider process of business continuity management. Here, BS ISO 22301 offers sound advice. | BSI |
BS ISO 22313 Business continuity management systems guidance | Recovering from cyber incidents is also part of the wider process of business continuity management. BS ISO 22313 is the standard covering this area. | BSI |
BS ISO/IEC 27031 Guidelines for information and communication technology readiness for business continuity | BS ISO/IEC 27031 is the planning standard to help organizations ensure that their cyber systems meet their business continuity needs. | BSI |