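ISO/IEC 27001:2022 Annex A 5.7 Threat Intelligence

ISO 27001:2022 Annex A 5.7 – Threat Intelligence Overview

As part of the ISO 27001:2022 revision, Annex A control 5.7: Threat Intelligence requires organisations to collect, analyse and produce threat intelligence about information security threats.

What Is Threat Intelligence and How Does It Work?

The goal of threat intelligence is to give organisations a deeper understanding of cyber threats by collecting, analysing and evaluating data about current and future cyber attacks.

One example of threat intelligence is identifying the tactics, techniques and procedures (TTPs) that attackers use to get into a network or compromise their targets. Defending against those specific attacks then becomes more manageable.

Besides helping organisations understand how hackers might attack them, threat intelligence can also tell a company what types of data attackers are seeking. This helps them understand what attackers could do with that data once they have stolen it.

An Overview of Information Security Threats

Within an organisation, information security threats relate to the confidentiality, integrity and availability of information.

They are potential danger points for a company's information or information systems. These danger points can lead to unauthorised access, the alteration or destruction of sensitive data, or the disruption of business processes.

Threats to information security can be internal or external. Internal threats originate within the organisation, while external threats come from outside it.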

How Does ISO 27001:2022 Annex A 5.7 Work?

Annex A control 5.7 is designed to help organisations understand their threat environment. This is so they can determine the proper actions to maintain information security based on the threats they identify.

A Brief Explanation of Annex A Control 5.7

Having a clear understanding of the threat environment allows an organisation to ensure it has appropriate Annex A controls in place, that it can respond and recover appropriately in the event of an adverse event, and that its security posture (Annex A controls, policies, etc.) is appropriate.

ISO 27001 Annex A Control 5.7 is essential to managing information security. Essentially, ISO 27001 provides organisations with a roadmap for limiting the effects of these threats by providing an understanding of their threat landscape.

How to Meet the Requirements and What’s Involved

ISO 27001:2022 Annex A Control 5.7 focuses on providing organisations with information about existing and emerging threats to identify which ones apply to them. In this regard, they will develop appropriate defences.

To comply with ISO 27001 Annex A control 5.7, organisations must do the following:

Examine your threat environment periodically (by reviewing reports from government agencies and other organisations).

Sources of threat (i.e., insiders, competitors, criminals, terrorist groups) should be identified.

Determine possible novel attack vectors and trends based on current events and past incidents.

The most important thing is to build defences that will help mitigate security threats to the organisation.

It is recommended by the International Organization for Standardization (ISO) that businesses take into account all three levels of intelligence, namely strategic, tactical, and operational, so that they can leverage threat intelligence effectively:

Strategic threat intelligence aims to exchange high-level information about the evolving threat landscape, such as the types of attackers and attacks.

Threat intelligence refers to knowledge of the tactics, tools, and technology used by attackers.

A tactical threat intelligence report provides detailed information on specific assaults, including technical indicators.

To be effective, threat information should also be relevant, perceptive, contextual, and actionable.

Establishing and maintaining an information security management system (ISMS) is necessary in accordance with ISO/IEC 27000 standards. 5.7 in Annex A plays a crucial role in this process. Threat analysis is essential even if the organisation is not planning for ISO 27001 certification or another standard.
