With the imminent release of the new ISO 27001:2022 standard, let’s take a closer look at some of the newly added controls that aim to address the emerging threats facing businesses since the last revision. These include (but are not limited to):
- Threat Intelligence
- InfoSec for use of cloud services
- Response to InfoSec incidents
- ICT Readiness for business continuity
- Secure coding
In this short briefing we’ll focus on Threat Intelligence. The intent of this new control is to ensure businesses are able to collect, collate and analyse threat information from a variety of external and internal sources in order to identify, and mitigate, potential cyber attacks and disruptive or harmful breaches.
Threat intelligence enables us to make proactive and more informed decisions about our cyber protection mechanisms, based on patterns, behaviours and real-life data, in order to plan our cyber defences, and to act quickly in the event of a suspected or actual incident.
Examples of threat intelligence sources include:
- Traditional penetration testing
- Continual threat detection
- External independent threat intelligence feeds and webinars
- AV scanning for abnormal behaviour
- SIEM or log management tools
The standard also advocates membership of ‘special interest groups’ in order to stay up to date with relevant security information and trends and be made aware of early warning signs pertinent to your systems, infrastructure and cloud-based solutions.
Setting objectives for what data would be useful and relevant to your organisation is key to ensuring you don’t have information overload!
So once you have gathered all this information, what do you do with it? You will need to process this information into a format that can be analysed ‘to understand how it relates and is meaningful to the organisation’. You must decide who within the organisation this information should be shared with so that it can be acted upon. For example, do firewall rules or AV coverage need changing, or should your pen test scope be extended?
As always with ISO 27001, your Risk Assessment will be fundamental to any decision making as a result of threat intelligence analysis.