ISO27001 – Control 5.7 – Threat Intelligence


Information relating to information security threats should be collected and analysed to produce threat intelligence.

What this means

Organizations should gather and analyze information about security threats to understand the risks they face. This “threat intelligence” can help them take appropriate actions to prevent attacks or reduce the impact of an attack.

Threat intelligence has three levels:

  1. Strategic – High-level information about the overall landscape of threats and attackers
  2. Tactical – Details on the methods, tools, and technologies used by attackers
  3. Operational – Specifics about active attacks and technical indicators

Good threat intelligence should be relevant to the organization, provide insightful information, give context around the threats, and enable the organization to take effective action.

To produce threat intelligence, organizations should:

  1. Set objectives
  2. Identify internal and external information sources
  3. Collect information from those sources
  4. Translate, format or corroborate information for analysis
  5. Analyse the information to understand threats
  6. Communicate/share the intelligence in a format which can easily be understood.

Organizations can use threat intelligence to improve risk management, update security controls like firewalls, and test their defenses.

It is possible to share threat intelligence with other organizations to improve everyone’s awareness. Providers, government agencies, and collaborative groups are common sources of shared threat intelligence and provide a view of the changing threat environment.

If you want to talk about information security in your organisation then please book a free call here or email us here