ISO 27001 Annex A 5.7 – Threat Intelligence

ISO 27001 Annex A 5.7 is about threat intelligence. This is a new control in the 2022 update to the standard. It asks organizations to collect and study information about security threats. The goal is to be proactive and take action to stop threats before they cause harm.

What Is Threat Intelligence?

Threat intelligence is the process of gathering and analysing data about threats. This helps you understand who the attackers might be, what they want, and how they might try to attack. This information can come from many places, such as:

  • Internal reports: Information from your own security systems.
  • External sources: News about threats, reports from other companies, or information from government groups.
  • Commercial feeds: Paid services that provide threat data.

What are the different levels of threat intelligence?

There are three main levels:

  • Strategic: This is high-level information about the big picture of threats, like who the main attackers are and what their goals are.
  • Tactical: This gives details on how attackers work, including their tools and methods.
  • Operational: This is very specific information about an ongoing or recent attack, like a list of malicious websites or files.

What is ISO 27001 Annex A 5.7?

The latest version of the ISO 27001 standard is ISO/IEC 27001:2022 (published in October 2022).

In the ISO/IEC 27001:2022 Standard the control is titled “Threat Intelligence”.

What is the ISO 27001 Annex A 5.7 control objective?

The formal definition and control objective in the standard is: “Information relating to information security threats should be collected and analysed to produce threat intelligence.”

What is the purpose of ISO 27001 Annex A 5.7?

The purpose of ISO 27001 Annex A 5.7 is “To ensure you provide awareness of the organisation’s threat environment so that the appropriate mitigation actions can be taken.”

Is ISO 27001 Annex A 5.7 Mandatory?

ISO 27001 Annex A control 5.7 (Threat Intelligence in the 2022 standard) is not automatically mandatory in the same way the clauses in the main body of the standard (clauses 4 through 10) are.

The mandatory part of the standard requires you to consider ISO 27001 Annex A 5.7 and all other Annex A controls, but you have the flexibility to exclude it if it is not applicable to your organisation’s specific risks and context.

Key Parts of the Rule

To follow this rule, you should have clear plans and policies. Here are some important steps:

  • Have a plan: Set clear goals for what you want to learn from threat information.
  • Find sources: Figure out where you will get your threat information.
  • Collect data: Set up ways to get this information on a regular basis.
  • Analyse it: Look at the data to find threats that might affect your company.
  • Take action: Use what you learn to make your security better.

What an Auditor Will Check

An auditor will want to see proof that you are following these rules. They will look for:

  • Evidence you are gathering and studying threat information.
  • Evidence that you are using that information to improve your security.
  • Evidence that threat intelligence is part of your company’s risk management plan.

You can learn more about threat intelligence and ISO 27001 by watching this video: “Mastering Threat Intelligence: A Comprehensive Guide”.