
ISO27001:2022 - Threat intelligence

In this revision, ISO 27001:2022 adds a new control, 5.7 Threat intelligence (listed in Annex A, with the implementation guidance in ISO/IEC 27002:2022). It brings the full intelligence-studies cycle of "direction, collection, processing and utilization" into the standard, to help organizations and enterprises keep up with a constantly changing information security threat environment.

Within the control, threat intelligence is divided into three layers: strategic, tactical and operational. In the standard's own terms, strategic intelligence is high-level information about the changing threat landscape (for example the kinds of attackers and attacks being seen), tactical intelligence covers attacker methods, tools and technologies, and operational intelligence is detail about specific attacks, including technical indicators. This layering is a research and analysis framework taken directly from military strategic intelligence.


In practice, it is recommended that organizations keep tracking information security trends (the latest attack and penetration techniques, tools and technologies) and vulnerability information as a matter of routine, collect this as threat intelligence, put it on the agenda of regular meetings and keep records. The following resources are a useful starting point:


Another notable point is that 5.7 Threat intelligence also says organizations can generate intelligence themselves. Ordinary internal security events, such as abnormal traffic, an alert for more than 3 failed logins on one account, or unexplained equipment failures, should also be treated as potential threat intelligence: assume the worst plausible scenario behind them and respond accordingly. In other words, ISO wants organizations to look at information security from an intelligence perspective and not let any clue go to waste.
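As an added example (not text or code from the standard or from this page), the script below shows what "generating intelligence yourself" from the events above can look like in practice: it reads syslog-style authentication lines, counts failed logins per account inside a sliding time window, and turns every account that exceeds the "more than 3 failures" threshold into an operational-level threat intelligence record. The log lines are constructed for the example and their format is an assumption, loosely modelled on OpenSSH "Failed password" messages; the threshold, window length and record fields are illustrative choices, not anything the control prescribes.

```python
"""
Turn raw internal security events into operational threat intelligence records.

Added example, not part of ISO 27001/27002: parses constructed, syslog-style
failed-login lines, keeps a sliding window of failures per account and emits
one record per account that crosses the threshold (more than 3 failures).
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines. The format is an assumption for this example,
# loosely modelled on OpenSSH's "Failed password" messages.
SAMPLE_LOG = """\
2024-03-01T08:00:01 sshd[101]: Failed password for alice from 203.0.113.5 port 51000 ssh2
2024-03-01T08:00:04 sshd[101]: Failed password for alice from 203.0.113.5 port 51001 ssh2
2024-03-01T08:00:09 sshd[101]: Failed password for alice from 203.0.113.5 port 51002 ssh2
2024-03-01T08:00:12 sshd[101]: Accepted password for bob from 198.51.100.7 port 40000 ssh2
2024-03-01T08:00:15 sshd[101]: Failed password for alice from 203.0.113.5 port 51003 ssh2
2024-03-01T08:00:40 sshd[101]: Failed password for invalid user admin from 203.0.113.9 port 52000 ssh2
2024-03-01T08:30:00 sshd[101]: Failed password for carol from 192.0.2.20 port 53000 ssh2
2024-03-01T08:45:00 sshd[101]: Failed password for carol from 192.0.2.20 port 53001 ssh2
2024-03-01T09:00:00 sshd[101]: Failed password for carol from 192.0.2.20 port 53002 ssh2
2024-03-01T09:15:00 sshd[101]: Failed password for carol from 192.0.2.20 port 53003 ssh2
"""

# Only failed logins matter here; "invalid user" lines are matched as well so
# guesses against non-existent accounts are not silently dropped.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_failures(text):
    """Yield (timestamp, account, source_ip) for each failed-login line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["user"], m["src"]


def detect_bruteforce(text, threshold=3, window=timedelta(minutes=10)):
    """
    Return a list of operational threat-intelligence records, one per account
    whose failed logins exceed `threshold` within any span of length `window`.

    A per-account deque holds only the timestamps inside the current window,
    so spread-out failures (carol, 15 minutes apart) never trigger, while a
    burst (alice, four failures in 15 seconds) does. An account is reported
    once, at the moment it first crosses the threshold.
    """
    recent = defaultdict(deque)   # account -> timestamps inside the window
    sources = defaultdict(set)    # account -> every source IP seen failing
    reported = {}
    for ts, user, src in parse_failures(text):
        q = recent[user]
        q.append(ts)
        sources[user].add(src)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > threshold and user not in reported:
            reported[user] = {
                "level": "operational",  # ISO 27002 layer: details of a specific attack
                "type": "credential-bruteforce",
                "account": user,
                "failures_in_window": len(q),
                "first_seen": q[0].isoformat(),
                "last_seen": ts.isoformat(),
                "source_ips": sorted(sources[user]),
            }
    return list(reported.values())


if __name__ == "__main__":
    for rec in detect_bruteforce(SAMPLE_LOG):
        print(rec)
```

With the defaults only alice is reported; widening the window to an hour also catches carol's slow, spaced-out attempts, which is the kind of tuning decision the "assume the worst" guidance pushes towards. The record is deliberately structured (level, type, indicators, time span) so it can be handed on as intelligence rather than left as a bare alert.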

There is also precedent for transplanting intelligence-research methods from the military and strategic field into cybersecurity. The well-known F3EAD threat intelligence cycle (Find, Fix, Finish, Exploit, Analyze, Disseminate) grew out of U.S. military special operations on counter-terrorism missions: find the target, fix its location, finish (neutralize) the threat, exploit what is collected from it, analyze that material to extract useful intelligence, and disseminate the result to the units that need it. ISO 27001:2022 simplifies this to a leaner cycle so that cybersecurity threat intelligence can be collected and used in the most practical way.

