The Information Security Incident Management standard (ISO/IEC 27035-4) is the fourth addition to a series intended to enhance incident management practices and protect global business from cyber threats.
Cyber security has emerged as a critical priority as supply chains become increasingly digitised, prompting companies to adopt stricter digital standards and invest in proactive risk assessment technologies. With global cyber crime damage costs predicted to reach $10.5 trillion USD annually and the regulatory landscape also evolving at pace, it is ever more crucial that organisations can adapt quickly to developing threats and that they have robust incident management and coordination plans in place.
Coordination is critical
Coordination is critical, particularly when there are multiple partners involved, as with a number of incidents in 2024. Effective coordination bolsters organizational resilience against business disruptions and reduces future risks by improving internal security measures. The framework, which can be applied to organisations of all types and sizes, has been designed to help businesses collaborate effectively with external partners during the process.
The standard recognises the breadth of partners involved both within and outside the organisation, from IT representatives and business managers to legal departments and crisis communication teams. It provides guidance for the coordinating team to perform activities supporting inter-organisation incident response, and considers the following stages of an incident:
Planning and preparation:
Reaching an agreement on coordination policies and public framework, establishing communication channels, appointing an incident coordinator and conducting training
Detection and reporting:
Encouraging all members to actively share threat intelligence, establishing a threat information exchange mechanism, and taking technical measures to ensure the security of the information transfer channels
Assessment and decision:
How organisations should work together to assess the impact of a specific incident and decide on the initiation of coordination
Response and Recovery:
How organisations should work together to determine the coordinated incident response plan, then implement their parts accordingly back in their organisations
Continual improvement:
The best way for a single organisation or multiple organisations in the community to jointly evaluate the incident response process, especially the coordination process, in order to support future improvement.
David Cuckow, Director of Digital, BSI said: “As core business practices become increasingly cloud-based and digitally reliant, it’s absolutely critical for organisations to stay alert to cyber threats. This is especially true as emerging information security threats are becoming increasingly sophisticated and can have a huge impact across organizations and society. Incidents that cross organisational boundaries can be difficult to resolve by a single organisation.
“This new framework has been designed to support organisations with managing such incidents and ensuring that all parties work together to ensure they are resolved in a coordinated manner, accelerating progress towards a resilient digital future, a fair society and sustainable world.”