All types Page Article White Paper Download
Solutions The best route to security compliance
Hicomply Privacy™ ISO 27001 ISO 9001 ISO 14001 SOC 2 NHS DSPT NIST 800-53 Hicomply GRC™ Services & Customer Support
Platform A powerful suite of ISMS features
Dashboard ISMS Scoping Policy Management Risk Management Information Asset Management Task Management Integrations Hicomply for Enterprises Trust Centre Controls Monitor Hicomply AI
Resources Everything you need to know
Knowledge & Insights Resources Hub Case Studies Sectors Glossary News ROI Calculator
Knowledge Base Learn more about infosec
ISO 27001 Knowledge Base SOC 2 Knowledge Base NHS DSPT Knowledge Base PCI DSS Knowledge Base NIST 800-53 Knowledge Base
Company Security and customers first
About News Partners Careers Contact

ISO 27001:2022 Annex 5.7: Threat intelligence

Annex 5.7 of the 2022 version of the ISO 27001 standard is a new annex and is without a corresponding control in the 2013 version of the standard.

The aim of threat intelligence is to enhance an organisation’s understanding of the potential cyber threats that it may be subject to in the future. This can be done by collecting and analysing data relating to existing or future attacks that may be found within the organisation’s industry or beyond.

Threats to an organisation may vary but they generally relate to the confidentiality and availability of information. If a threat actor gains access to an organisation’s information or information system, they may choose to steal, copy, withhold or destroy sensitive data, causing disruption, damage and financial loss to a business.

Information security threats may occur internally or externally.

Threat intelligence: what you need to know

Annex 5.7 requires organisations to collect, analyse and produce threat intelligence that relates to information security threats. One example of this might be identifying how a threat actor gains entry to a network, which can provide valuable insight into how that vulnerability can be managed and mitigated.

According to the International Organisation for Standardisation (ISO) there are three levels of intelligence to be considered: strategic, tactical and operational.

Responding to and recovering from an attack may depend on an organisation’s understanding of the threat environment and the strength of its security posture in the face of those known risks.

Importantly, an organisation should continue to review and revisit its threat intelligence on a regular basis as new threats emerge all the time. To comply with Annex 5.7, an organisation must periodically:

  • Review its threat environment
  • Review both internal and external threat sources
  • Consider new trends and novel attack vectors
  • Build defences capable of mitigating security threats and maintaining a good risk posture

What’s changed from ISO 27001:2013?

ISO 27001:2022 Annex A control 5.7 threat intelligence is a new annex in the standard.