ISO 27001 has recently been revised, integrating control measures from the 14 control areas of the old version into four major categories, including Organization Controls, People Controls, Physical Controls, and Technical Controls. In addition, some clauses have additional requirements, adjusted terms, etc.This article specifically introduces "A.5.7 Threat intelligence" in the "Organizational Control" category of the ISO 27001: 2022 version, in order to help enterprises and organizations improve the quality of cybersecurity management.
Threat intelligence refers to information related to network attacks, which is collected, converted, analyzed, and interpreted by a professional team to provide the basis for the cybersecurity decision-making process.
The "A.5.7 Threat intelligence" control measures of ISO 27001: 2022 recommend that enterprises and organizations should collect and analyze information related to information security threats to generate threat intelligence, determine what threats the enterprise may face, and take further defensive measures.
To comply with this requirement, businesses and organizations should do the following:
- Regularly review the threat environment of the enterprise (by reviewing reports from government agencies and other organizations).
- Sources of threats should be identified (e.g., insiders, competitors, criminals, terrorist groups).
- Identify possible new attack vectors and trends based on current and past events.
- Establish defenses that help mitigate information security threats to your organization.
Furthermore, enterprises and organizations should also consider three levels of threat intelligence to properly understand attackers’ attack methods. The three levels of threat intelligence are:
- Strategic Threat Intelligence: No technical details, used by the CXO level; used to identify who would want to attack? Why would they want to attack?
- Operational Threat Intelligence: requires technical background, used by SOC supervisors, analysis researchers, etc.; used to understand the attacker's TTP (tactics, techniques, procedures).
- Tactical Threat Intelligence: requires technical background, usually used by SOC personnel; monitors specific attack events with indicators of compromise (IoC).
Businesses and organizations can generate their own threat intelligence. But it's often better to take advantage of threat intelligence provided by others.
Enterprises and organizations can import threat information that has been analyzed and chained by others, which can save time, money and manpower investment. It can also comprehensively understand the cybersecurity threats they face, and avoid hacker attack teams hiding in the dark and those who have not yet gained public attention. Advanced attack techniques.
International threat intelligence sources, such as the CVE platform operated by the US non-profit organization MITER, which provides system vulnerability information and mitigation measures.
Businesses and organizations can also use threat intelligence provided by third-party vendors. TeamT5 is the leading brand in providing threat intelligence in the Asia-Pacific region.
TeamT5 takes advantage of geographical and cultural advantages to research and publish threat intelligence reports. The threat intelligence category covers strategic, operational and tactical content, which helps the cybersecurity team foresee potential threats and events, and provides action guidance for decision-makers to further make accurate cybersecurity defense decisions in order to reduce risks. The content covers cybersecurity threats such as vulnerability analysis and advanced persistent attacks.
Know more about our threat intelligence solution: ThreatVision
Related Post
ThreatVision Resources
2024.01.01
Threat Intelligence Platform (TIP) : Key Considerations for Procurement
cyber threat intelligence
ThreatVision Resources
2022.05.22
What is Cyber Threat Intelligence (CTI)? Why Does It Matter?
cyber threat intelligence, threat hunting