    Guidance launches to coordinate information security incidents

    Framework encourages effective collaboration with external partners during information security incident response

    3 February 2025: A new framework designed to help organizations coordinate all types of information security incidents affecting multiple partners has been published by UK national standards body, BSI. The Information Security Incident Management standard (ISO/IEC 27035-4) is the fourth addition to a series intended to enhance incident management practices and protect global business from cyber threats.

    Cybersecurity has emerged as a critical priority as supply chains become increasingly digitized, prompting companies to adopt stricter digital standards and invest in proactive risk assessment technologies. With global cybercrime damage costs predicted to reach $10.5 trillion USD annually and the regulatory landscape also evolving at pace, it’s ever more crucial that organizations can adapt quickly to developing threats and that they have robust incident management and coordination plans in place.

    Coordination is critical, particularly when there are multiple partners involved, as with a number of incidents in 2024. Effective coordination bolsters organizational resilience against business disruptions and reduces future risks by improving internal security measures. The framework, which can be applied to organizations of all types and sizes, has been designed to help businesses collaborate effectively with external partners during the process.

    The standard recognises the breadth of partners involved both within and outside the organization, from IT representatives and business managers to legal departments and crisis communication teams. It provides guidance for the coordinating team to perform activities supporting the inter-organization incident response, and considers the following stages of an incident:

    1. Planning and preparation: Reaching an agreement on coordination policies and public framework, establishing communication channels, appointing an incident coordinator and conducting training
    2. Detection and reporting: Encouraging all members to actively share threat intelligence. It establishes a threat information exchange mechanism and takes technical measures to ensure the security of information transfer channels
    3. Assessment and decision: How organizations should work together to assess the impact of a specific incident and decide on the initiation of coordination
    4. Response and recovery: How organizations should work together to determine the coordinated incident response plan, then implement their parts accordingly back in their organizations
    5. Continual improvement: The best way for a single organization or multiple organizations in the community to jointly evaluate the incident response process, especially the coordination process, in order to support future improvement.

    David Cuckow, Director of Digital, BSI said: “As core business practices become increasingly cloud-based and digitally reliant, it’s absolutely critical for organizations to stay alert to cyber threats. This is especially true as emerging information security threats are becoming increasingly sophisticated and can have a huge impact across organizations and society. Incidents that cross organizational boundaries can be difficult to resolve by a single organization.

    “This new framework has been designed to support organizations with managing such incidents and ensuring that all parties work together to ensure they are resolved in a coordinated manner, accelerating progress towards a resilient digital future, a fair society and sustainable world.”
