The new control id 5.7 Threat intelligence has been added to ISO/IEC 27002:2022 to provide awareness of the organisations threat environment so that the appropriate mitigation actions can be taken.
The control is regarding information relating to information security threats that should be collected and analysed to produce threat intelligence.
The new control prevents threats from causing harm to the organisation and reduces the impact of such threats as well as dividing threat intelligence into three layers:
Strategic threat intelligence: information about the changing types of attacks or types of attackers.
Tactile threat intelligence: information about attacker methodologies, tools and technologies involved.
Operational threat intelligence: details about specific attacks, including technical indicators.Organisations can use threat intelligence to Prevent, detect or respond to threats.
How to Evidence A5.7 of ISO 27002:2022
Organisations can evidence control A5.7 in several ways, including:
- Maintaining contact with authorities who issue guidance on cyber threats,
- Implementing intruder preventions or intruder detection systems,
- Procuring anti-malware software.
Implement A5.7 Threat Intelligence
If you need assistance with control A5.7, Assent’s ISO 27002 Consultants can help.