Series: New Controls in ISO/IEC 27001:2022 Annex A

Threat Intelligence

The third edition of the popular information security standard ISO/IEC 27001:2022 was published in February 2022. Annex A of the standard contains a list of 93 security controls which may be implemented by organizations to mitigate security risks. The implementation details of these controls are included in ISO/IEC 27002:2022. While all controls of the previous edition of the standard (ISO/IEC 27001:2013) have been retained in the new edition (some of them have been merged and modified), 11 new controls have also been added.

In this article series, we will analyze the implementation aspects of the new controls of ISO/IEC 27001:2022 Annex A. The first article explores Control 5.7 (Threat intelligence).

Control

Control 5.7 (Threat intelligence) strives to create awareness about the threats that may affect an organization. It is important to gather information pertaining to information security threats that are relevant to the organization. This information should be analyzed to produce threat intelligence.

Attributes

Implementation of this control would help an organization prevent security attacks by identifying potential threat scenarios and staying vigilant. Being aware about new threats would also help to detect attacks early and respond by taking appropriate corrective actions to maintain the confidentiality, integrity and availability of information systems.

Implementation

The organization should implement a process to collect information about the changing threat landscape, methodologies and tools used by attackers, and details about specific attacks. Contacts may be established with Government agencies (like CERT-In) or private entities to collect the above information on a continual basis. Additionally, some organizations may choose to develop internal sources to gather threat information.

The collected information should be verified and analyzed to understand its relevance to the organization. All relevant threat intelligence needs to be communicated to relevant security personnel who should implement measures to prevent, detect and recover from future attacks. It is important to share threat intelligence with other organizations to create awareness and improve the overall information security preparedness.

Artefacts

The contents and implementation of the following security policies and procedures may be impacted by the above control:

• Risk Management Policy – An organization should consider the potential impact of identified threats during the assessment of security risks and preparation of risk treatment plans.

• Access Control Policy - Threat intelligence can influence access control decisions. For example, if a potential threat is known to impact specific systems or data, access to those resources may be restricted.

• Supplier Security Policy – Threat intelligence should be considered while selecting and managing suppliers. Processes should be defined for sharing information about threats with suppliers and partners.

• Incident Response Procedure – An organization should use threat intelligence to plan and implement the detection, containment and recovery phases of incident response.

• Security Operating Procedures – Procedures for collecting and processing threat information should be defined and implemented.

How Sujosu Technology Can Help

Sujosu Technology helps organizations design and implement systems that prioritize cyber security, data privacy and compliance. Our services include:

• Risk Assessments: Identifying cyber security and privacy requirements and vulnerabilities in applications and infrastructure.

• Countermeasures and Solutions: Providing tailored strategies to prevent, detect and recover from potential attacks.

• Compliance Documentation: Helping you comply with the requirements of specific standards and regulations by compiling policies, procedures and other relevant manuals.

• Training and Awareness: Equipping your team with the knowledge to address cyber security and privacy challenges effectively.

With Sujosu Technology’s expertise, your organization can build systems that are secure and resilient against security and privacy breaches. We can also help you achieve compliance with relevant standards and legislations. Besides, we organize webinars and publish insightful articles to create awareness on various aspects of cyber security and data privacy.

Partner with Sujosu Technology

Protect your data and ensure compliance with Sujosu Technology’s state-of-the-art cyber security and privacy services. Stay ahead of challenges and foster trust with your stakeholders.