
What Does The ISO 27001:2022 Update Mean?
Andrew Slater, Director of AUSHIELD, sat down with Canberra Cyber Hub to learn more about the ISO 27001:2022 updates and what they mean for the cyber security industry.
The recent update to ISO 27001 has seen the inclusion of Cyber Threat Intelligence (CTI) for the first time. This guidance is timely given the recent rapid escalation in high-profile breaches within Australia.
Like all preventative controls, the end goal is to prevent threats to our organisations wherever possible or, at the least, reduce the impact of threats. CTI can be a complex space and, whilst Cyber-based, at its heart it is an Intelligence capability and should be thought of as such.
Intelligence is a product that informs stakeholders within an organisation, allowing them to make risk-based decisions to counter threats. Organisations should be looking towards the intelligence lifecycle to define their Primary Intelligence Requirements (PIRs) to ensure that any technology or services they implement support the organisation's needs.
The guidance within the changes covers the three levels of CTI, defined as:
- Strategic - The exchange of intelligence about the changing threat landscape.
- Operational - Intelligence of specific attacks including Indicators of Compromise.
- Tactical - Intelligence about threat actor methodologies, tools and techniques, more commonly referred to as Tactics, Techniques and Procedures (TTPs).
Beyond these definitions of the different types of CTI, the guidance covers what is the most pertinent point of any Intelligence program - all intelligence needs to be relevant, contextual and actionable in order to effectively help protect our organisations.
Within the Cyber realm, technology and services are leveraged to automate aspects of the lifecycle, including collection, processing, analysis, production and dissemination, to assist in making CTI actionable. This automation can assist with overcoming the current shortage of skilled analysts. This can include leveraging technology such as a Threat Intelligence Platform (TIP). TIPs can provide the machine-to-machine integrations for automated blocking and detection based on high-confidence Indicators of Compromise (IoCs), reducing manual tasks, but are also leveraged to provide curated collection and pre-processed information for the purpose of analysis.
With the shortage of skills, models such as collective defense are key, providing a force multiplier for organisations through collaboration with other trusted organisations. The guidance does refer to sharing CTI with other organisations to improve CTI.
This collaboration within the CTI space is done through Information Sharing and Analysis Centres (ISACs). There are several forms of ISACs, including vertical-specific such as the Financial Services ISAC, Australian-specific such as AUSHIELD DEFEND, and Government-led such as the ACSC CTIS program.
For the full article: https://canberracyberhub.com.au/news-and-events/iso-270012022-has-been-updated