ISO 27002 requirements for #threatintel:
1) Set objectives for the production of threat intelligence;
2) Select relevant sources to collect threat information from;
3) Analyse information about threats (current and emerging) in the context of the organization;
…
#infosec
4) Feed the result into the #infosec risk management process;
5) Identify actions to prevent and reduce impact;
6) Configure prevention and detection systems based on the results of the analysis;
…
#threatintel #cybersecurity #infosec #iso27001
7) Use threat analysis results as input for security testing;
8) Communicate about relevant threats and risk/impact reducing actions;
9) Exchange #threatintel with other organizations.
👉 Next: How to demonstrate this in audits …
#cybersecurity #infosec #iso27001
Prove ISO 27002 compliant #threatintel with, for example:
- policies for threat intelligence collection, analysis and communication;
- policies for using threat analysis results in #infosec risk mgt;
- subscriptions to relevant sources like feeds, alert services & reports;
…
…
- minutes of threat analysis sessions and risk management meetings that include the results of threat analyses;
- configuration instructions for systems to prevent and detect the identified threats;
- action plans for the prevention and reduction of threat impact;
…
…
- threat awareness communication and communication about risk/impact reducing actions;
- exchanges of #threatintel with other organizations, e.g. through publications, or participation in special interest groups, forums and seminars.
#cybersecurity #infosec #iso27001
Keep in mind that ISO 27002 control 5.7's purpose is to promote risk mitigation through threat awareness. Information should be provided in an understandable format, so that people can act quickly and effectively.
#threatintel #cybersecurity #infosec #iso27001
You are also required to consider #threatintel at 3 levels:
1) strategic: high-level info about types of attackers and attacks
2) tactical: info about attack methods, tools and technologies
3) operational: info about specific attacks and how to identify them.
#cybersecurity
All in all, ISO 27002:2022 A 5.7 brings together #threatintel elements that were previously spread over controls related to network applications, secure systems engineering, mobile devices and wifi usage, #infosec policies, and special interest groups – and expands upon them.
If you're #iso27001 certified, basic #threatintel should already be in place. Efforts should go into further structuring the process of collection, analysis and communication. Have this reflected in relevant policies and connect it with the main #infosec risk mgt process.
I hope this thread will help in preparing for the transition to the new ISO 27001 later this year. Contact me with any #iso27001 #iso27002 questions you may have. Stay safe and secure!
#threatintel #cybersecurity #infosec