ISO 27002 puts threat intelligence center stage

The updated ISO 27002 adds 11 new controls spanning a range of security services, including the addition of threat intelligence control 5.7.

The ISO 27000 series is an industry standard that has long defined and dictated base-level requirements for organizations’ information security management systems (ISMS). Through more than a dozen standards, the framework helps organizations demonstrate management commitment to their ISMS as they regularly review and improve their systems and procedures.

By meeting the necessary requirements, organizations are awarded an ISO 27001 certification that lets customers and collaborators know they have robust security measures in place.

What’s changed in ISO 27002?

The latest accreditation, ISO 27002, goes further still, outlining core controls that measure and address risks. These controls are widely applicable to most organizations and industries and are recommended in order to strengthen their approach to risk management.

Expanding on the requirements themselves, ISO 27002 serves as a definitive guide on how organizations should implement these requirements and how they can be best utilized from there. The updated ISO 27002 adds 11 new controls spanning a range of security services, including the addition of threat intelligence control 5.7. Threat intelligence is also used as an input for other controls, including 5.25, 8.7, 8.16 and 8.23, and will inform how organizations approach event response, malware threats, network monitoring and web filtering.

Focusing on strategic, tactical, and operational threat intelligence, the new ISO 27002 will help organizations improve their awareness and visibility of the threat environment outside their organization. In doing so, it encourages better collection and analysis of information about outsider threats, enabling organizations to better understand what they are up against and take the appropriate steps to protect against and mitigate such threats.

The much-needed inclusion of threat intelligence in this latest update signals the growing need for better threat intelligence among today’s organizations. By standardizing threat intelligence, it will pave the way for better, actionable intelligence and stronger and smarter management of various controls across an organization’s security perimeter. Information gathered via threat intelligence can inform security strategies and identify vulnerabilities not just in the organization’s sphere, but across the supply chain, third parties, and even physical or environmental threats.

What does this mean for organizations?

The controls recommended in the new 27002 standard detail how organizations should demonstrate that they are:

  • Collecting and analyzing threat intelligence
  • Actioning insights derived from that analysis
  • Incorporating threat intelligence into their wider risk management program

Combined, these actions determine how effectively organizations are using threat intelligence while encouraging them to reach a certain standard that requires them to be more informed, better protected, and better equipped to adjust their security posture in line with threat insights.

Companies are not required to implement controls and follow ISO 27002, but it is highly recommended. For example, when choosing a new intrusion detection system, organizations should consider how threats against them are likely to manifest. All implemented protections should detect and target those threats, including the tactics used by their likely adversaries. This way, threat intelligence adds to the risk understanding and allows businesses to choose solutions that actually resolve the problems they are likely to encounter.

While control implementation is not imperative, Outpost24 advises that organizations embrace threat intelligence to ensure that a) they are properly prepared to deal with today’s threat landscape and b) their controls and other investments are well selected and performing as planned.

How Outpost24 can help

Ready to embrace the new 27002 and stay on par with industry best practices? Our threat intelligence solution is delivered via a modular approach to target the threats that are most relevant to your business. Find out more about the benefits offered by our threat intelligence solution or contact us to speak with an expert to assess your existing controls against the updated framework.
