ISO 27001 A.5.7
ISO/IEC 27001:2022 Information Security Management
AL
Founder at SQUR · last verified 2026-06-19
Regulation text
Information relating to information security threats shall be collected and analysed to produce threat intelligence. Theme: Organisational controls. (Full guidance: ISO/IEC 27002:2022 §5.7.)
ATT&CK techniques this article tests · 15
| Technique | Why it maps | Confidence |
|---|---|---|
| T1190 | Threat intelligence frequently details vulnerabilities and exploits in public-facing applications, directly informing defenses against T1190. ISO/IEC 27002:2022 §5.7 mandates collecting and analysing threat information. | 90% |
| T1566 | Threat intelligence provides insights into phishing campaigns, indicators, and common lures, enabling proactive defense against T1566. ISO/IEC 27002:2022 §5.7 requires threat information analysis. | 90% |
| T1059 | Threat intelligence often describes common command and scripting interpreter usage by adversaries, aiding in detection and prevention of T1059. ISO/IEC 27002:2022 §5.7 supports this analysis. | 70% |
| T1547 | Threat intelligence identifies malware and adversary techniques that establish persistence via boot or logon autostart execution (T1547). ISO/IEC 27002:2022 §5.7 guides this collection. | 70% |
| T1068 | Threat intelligence details specific vulnerabilities and exploits used for privilege escalation (T1068), allowing for timely patching and mitigation. ISO/IEC 27002:2022 §5.7 requires threat analysis. | 90% |
| T1027 | Threat intelligence describes adversary obfuscation techniques (T1027), improving detection capabilities for defense evasion. ISO/IEC 27002:2022 §5.7 supports understanding adversary methods. | 80% |
| T1036 | Threat intelligence identifies common masquerading techniques (T1036) used by adversaries, enhancing an organisation's ability to detect deceptive activities. ISO/IEC 27002:2022 §5.7 supports this analysis. | 70% |
| T1003 | Threat intelligence details tools and methods for OS credential dumping (T1003), enabling better protection of credentials. ISO/IEC 27002:2022 §5.7 mandates collecting threat information. | 80% |
| T1087 | Threat intelligence highlights how adversaries perform account discovery (T1087), informing defensive measures to limit information exposure. ISO/IEC 27002:2022 §5.7 supports understanding reconnaissance. | 70% |
| T1021 | Threat intelligence details common remote services exploited for lateral movement (T1021), guiding network segmentation and access control. ISO/IEC 27002:2022 §5.7 requires threat analysis. | 70% |
| T1005 | Threat intelligence describes types of data targeted and collection methods (T1005), enabling better protection of sensitive information. ISO/IEC 27002:2022 §5.7 supports understanding adversary objectives. | 70% |
| T1071 | Threat intelligence identifies specific C2 protocols and infrastructure (T1071), enabling network defenders to block or detect command and control communications. ISO/IEC 27002:2022 §5.7 mandates threat analysis. | 90% |
| T1090 | Threat intelligence can identify adversary proxy usage (T1090) for command and control, aiding in network traffic analysis and detection. ISO/IEC 27002:2022 §5.7 supports understanding adversary infrastructure. | 70% |
| T1041 | Threat intelligence identifies patterns and methods of data exfiltration over C2 channels (T1041), improving data loss prevention strategies. ISO/IEC 27002:2022 §5.7 requires threat information analysis. | 80% |
| T1486 | Threat intelligence provides insights into ransomware variants and their data encryption mechanisms for impact (T1486), informing incident response and recovery planning. ISO/IEC 27002:2022 §5.7 mandates threat analysis. | 90% |
Defending mitigations · 6
| Mitigation | What it does | Confidence |
|---|---|---|
| M1017 | Threat intelligence directly informs user training content on current threats like phishing and social engineering, enhancing human defenses. ISO/IEC 27002:2022 §5.7 supports this proactive measure. | 90% |
| M1035 | Threat intelligence identifies vulnerable services and ports, guiding restrictions on access to resources over networks. This limits attack surfaces. ISO/IEC 27002:2022 §5.7 mandates threat analysis for informed decisions. | 80% |
| M1040 | Threat intelligence provides Indicators of Compromise (IOCs) and adversary TTPs, enabling the configuration of behavior prevention rules on endpoints. ISO/IEC 27002:2022 §5.7 supports enhancing detection capabilities. | 90% |
| M1047 | Threat intelligence guides the selection of events to log and monitor, improving the effectiveness of audit processes for detecting suspicious activity. ISO/IEC 27002:2022 §5.7 requires threat information analysis. | 90% |
| M1020 | Threat intelligence identifies Indicators of Compromise (IOCs) that require removal or blocking from systems, preventing further adversary activity. ISO/IEC 27002:2022 §5.7 supports actionable intelligence. | 80% |
| M1016 | Threat intelligence informs the development of robust account use policies, especially for privileged accounts, based on observed adversary techniques. ISO/IEC 27002:2022 §5.7 supports understanding adversary tactics. | 70% |
Underlying weaknesses · 6
| CWE | Why it persists | Confidence |
|---|---|---|
| CWE-200 | Threat intelligence aims to prevent the exposure of sensitive information by understanding adversary collection and exfiltration methods. ISO/IEC 27002:2022 §5.7 directly addresses this by informing protective measures. | 90% |
| CWE-287 | Threat intelligence often details authentication bypasses and weak authentication methods exploited by attackers, informing the need for stronger authentication controls. ISO/IEC 27002:2022 §5.7 supports this analysis. | 90% |
| CWE-434 | Threat intelligence frequently describes initial access vectors involving malicious file uploads, which exploit unrestricted upload weaknesses. ISO/IEC 27002:2022 §5.7 guides understanding these attack types. | 80% |
| CWE-502 | Threat intelligence highlights common vulnerabilities and exploits, including those related to deserialization of untrusted data, used by threat actors. ISO/IEC 27002:2022 §5.7 supports identifying such weaknesses. | 70% |
| CWE-79 | Threat intelligence often covers web-based attacks like Cross-site Scripting (XSS), which exploit improper input neutralization for initial access or data theft. ISO/IEC 27002:2022 §5.7 supports understanding these threats. | 70% |
| CWE-326 | Threat intelligence identifies adversaries targeting systems with inadequate encryption strength, informing the need for stronger cryptographic controls. ISO/IEC 27002:2022 §5.7 supports this vulnerability assessment. | 70% |
What SQUR Covers
Web application + API pentesting for OWASP Top 10, business logic flaws, authentication bypass, injection attacks, and other application-layer vulnerabilities. €1,995 per scan, 24-hour turnaround, EU-only data.
What SQUR Does Not Cover
Internal network pentesting, endpoint security testing, physical security assessments, social engineering, or ICT third-party concentration risk reviews. Engage a complementary provider for those scope items.
Provenance
Mapped Q2.2026 using gemini-2.5-flash · €0.0208 compute · voice-rubric self-validated