We are excited to introduce a comprehensive overview of the latest updates and expansions to the ISO standards, specifically tailored for 2022.
As the digital landscape continues to evolve at a rapid pace, staying ahead of changes and advancements in information security and cloud services is paramount for businesses and organisations aiming for resilience and compliance.
Our in-depth update covers the introduction of new clauses and enhancements to existing ones, ensuring that you have access to the most current and relevant information. Highlights include the integration of threat intelligence into information security practices, emphasising the systematic collection and analysis of data to produce actionable insights against cyber threats. This proactive approach is crucial for organisations to anticipate, respond to, and mitigate potential security challenges effectively.
Additionally, we delve into the critical importance of establishing robust processes for the acquisition, use, management, and exit from cloud services. This ensures alignment with an organisation's information security requirements and prepares businesses for smooth transitions should the need to change cloud service providers arise.
5.07 Threat intelligence:
Information relating to information security threats should be collected and analysed to produce threat intelligence.
5.23 Information security for the use of cloud services:
Processes for acquisition, use, management and exit from cloud services should be established in accordance with the organisation’s information security requirements.
5.30 ICT readiness for business continuity
ICT readiness should be planned, implemented, maintained and tested based on business continuity objectives and ICT continuity requirements.
7.04 Physical security monitoring
Premises should be continuously monitored for unauthorised physical access.
"8.09 Configuration management"
Configurations, including security configurations, of hardware, software, services and networks should be established, documented, implemented, monitored and reviewed.
8.10 Information deletion
Information stored in information systems, devices or in any other storage media should be deleted when no longer required
8.11 Data masking
Data masking should be used in accordance with the organization’s topic-specific policy on access control and other related topic-specific policies, and business requirements, taking applicable legislation into consideration.
8.12 Data leakage prevention
Data leakage prevention measures should be applied to systems, networks and any other devices that process, store or transmit sensitive information
8.16 Monitoring activities
Networks, systems and applications should be monitored for anomalous behaviour and appropriate actions taken to evaluate potential information security incidents.
"8.23 Web filtering"
Access to external websites should be managed to reduce exposure to malicious content.
8.28 Secure coding
Secure coding principles should be applied to software development.
8.29 Security testing in development and acceptance
Security testing processes should be defined and implemented in the development life cycle.
8.30 Outsourced development
The organisation should direct, monitor and review the activities related to outsourced system development.
8.31 Separation of development, test and production environments
Development, testing and production environments should be separated and secured. 5.23 Information security for use of cloud services:
Processes for acquisition, use, management and exit from cloud services should be established in accordance with the organisation’s information security requirements.
5.30 ICT readiness for business continuity:
ICT readiness should be planned, implemented, maintained and tested based on business continuity objectives and ICT continuity requirements.
7.04 Physical security monitoring:
Premises should be continuously monitored for unauthorized physical access.
8.09 Configuration management:
Configurations, including security configurations, of hardware, software, services and networks should be established, documented, implemented, monitored and reviewed.
8.10 Information deletion:
Information stored in information systems, devices or in any other storage media should be deleted when no longer required
8.11 Data masking:
Data masking should be used in accordance with the organization’s topic-specific policy on access control and other related topic-specific policies, and business requirements, taking applicable legislation into consideration.
8.12 Data leakage prevention:
Data leakage prevention measures should be applied to systems, networks and any other devices that process, store or transmit sensitive information
8.16 Monitoring activities:
Networks, systems and applications should be monitored for anomalous behaviour and appropriate actions taken to evaluate potential information security incidents.
8.23 Web filtering:
Access to external websites should be managed to reduce exposure to malicious content.
New Clause 5.07 Threat intelligence:
5.07 Information relating to information security threats should be collected and analysed to produce threat intelligence.
Title: Harnessing Threat Intelligence: Safeguarding Information Security in a Dynamic Landscape
In an era dominated by digital advancements, the importance of threat intelligence in fortifying information security cannot be overstated. Threat intelligence involves systematically collecting and analysing information security threats to produce actionable insights. This proactive approach empowers organisations to effectively anticipate, respond to, and mitigate potential cyber threats. Organisations must implement robust controls to gather, analyse, and leverage threat intelligence to achieve this.
Collecting Threat Intelligence:
The first step in building effective threat intelligence is systematically collecting data from diverse sources. These sources may include open-source feeds, industry reports, government agencies, and collaboration with other organisations facing similar threats. Real-time monitoring of network logs, incident reports, and dark web forums also contributes valuable data. For example, a financial institution might collaborate with cybersecurity firms to gather intelligence on the latest tactics used by financial malware, enhancing their ability to defend against emerging threats.
Analysing Threat Intelligence:
Once collected, threat intelligence data must be comprehensively analysed to extract meaningful insights. This involves identifying patterns, correlations, and anomalies that could signify potential threats. Advanced analytics, machine learning, and artificial intelligence play crucial roles in processing vast datasets efficiently. Analysing threat intelligence can reveal indicators of compromise (IoCs), tactics, techniques, and procedures (TTPs) used by threat actors, aiding organisations in fortifying their defences. For instance, a multinational corporation might use threat intelligence to analyse geopolitical events that could impact its cybersecurity posture, enabling proactive measures to protect critical assets.
Real-World Examples:
The Stuxnet worm, discovered in 2010, is a prominent example of the power of threat intelligence. Researchers, analysing the worm's code and behaviour, uncovered its highly targeted nature aimed at disrupting Iran's nuclear program. This revelation provided valuable insights into the capabilities of state-sponsored cyber-attacks, prompting organisations worldwide to enhance their defences against sophisticated threats.
Stuxnet Worm (2010):
The WannaCry ransomware attack highlighted the significance of timely threat intelligence. Organisations that had access to intelligence about the vulnerability exploited by WannaCry, which was leaked from a government agency, could patch their systems before the ransomware wreaked havoc. This incident underscored the need for sharing threat intelligence across sectors to bolster collective cyber defences.
WannaCry Ransomware (2017):
Controls for Effective Threat Intelligence:
Information Sharing Platforms:
Collaborative platforms that facilitate the sharing of threat intelligence within and across industries are essential. Organisations can benefit from shared experiences and insights, strengthening their collective ability to detect and respond to threats.
Security Information and Event Management (SIEM) Systems:
SIEM systems are crucial in centralising and analysing log data from various sources. They enable real-time monitoring, correlation of events, and identification of potential security incidents based on threat intelligence feeds.
Incident Response Plans:
Having well-defined incident response plans ensures that organisations can effectively utilise threat intelligence when responding to security incidents. These plans should outline the roles and responsibilities of the incident response team and incorporate threat intelligence into the decision-making process.
In conclusion, threat intelligence is a cornerstone of modern cybersecurity strategies, providing organisations with the means to stay one step ahead of cyber threats. Organisations can create a dynamic defence mechanism that adapts to the evolving threat landscape by systematically collecting and analysing information. The controls mentioned, and real-world examples illustrate the practical application of threat intelligence in fortifying information security and fostering a resilient cybersecurity posture.
New clause in ISO 27001: 5.2.3 – Information security
5.23 Information security for use of cloud services: Processes for acquisition, use, management and exit from cloud services should be established in accordance with the organisation’s information security requirements.
Title: Navigating the Cloud: The Imperative of a Robust Exit Strategy
In the digital era, where businesses are increasingly reliant on cloud computing for storage, processing, and scalability, the importance of a well-defined Cloud Exit Strategy cannot be overstated. As organisations migrate their operations to the cloud to harness the benefits of flexibility, cost-efficiency, and innovation, they must also be prepared for unforeseen circumstances that might necessitate a departure from their cloud service provider.
A Cloud Exit Strategy is essentially a roadmap that outlines how an organisation can smoothly and efficiently transition its data, applications, and processes from one cloud service provider to another or back to on-premises infrastructure. The need for such a strategy arises from several factors, including changing business requirements, evolving technology landscapes, compliance issues, and sometimes unforeseen events such as contractual disputes or security breaches.
Data Lock-In with Vendor-Specific Technologies:
One of the key reasons a robust Cloud Exit Strategy is essential is the dynamic nature of the technology industry. Cloud service providers continually evolve, introducing new services, updating existing ones, and sometimes altering their business models. In 2019, a major cloud outage affected users of a well-known cloud provider, rendering their data inaccessible for several hours. Organisations relying solely on this provider without a Cloud Exit Strategy found themselves at the mercy of the outage, unable to promptly switch to an alternative provider.
Another critical aspect is data sovereignty and compliance. Different countries and regions have varying data protection laws and regulations. Organisations may need to store data in specific locations to comply with these laws. In 2018, a multinational corporation faced legal challenges due to data residency and privacy concerns. The lack of a clear Cloud Exit Strategy made it difficult for the organisation to comply with changing regulations swiftly. This resulted in legal repercussions and damage to the company's reputation.
In the event of a security incident or data breach, organisations must act swiftly to protect sensitive information and maintain customer trust. A well-prepared exit strategy enables businesses to quickly migrate their data and applications to a secure environment, minimising the potential damage caused by a security incident. A high-profile security breach in a cloud environment exposed sensitive customer data, showcasing how organisations lacking a comprehensive Cloud Exit Strategy faced challenges in swiftly migrating their data to a more secure environment, leading to prolonged data exposure and severe reputational damage.
Unplanned Cost Escalation:
Cost considerations also play a pivotal role in the need for a Cloud Exit Strategy. While cloud computing offers the allure of pay-as-you-go pricing and cost savings, organisations may face unexpected cost increases or budget constraints. A company relying on a cloud service provider for years suddenly faces a significant price increase for its services. Without a Cloud Exit Strategy in place, the organisation is forced to either absorb the higher costs or hastily migrate to another provider, incurring additional expenses and potential disruptions to operations.
Furthermore, contractual and service-level agreement (SLA) disputes can arise between organisations and their cloud service providers. A robust exit strategy should include provisions for resolving such disputes and clearly define the steps involved in transitioning from one provider to another. A company faces contractual disputes with its cloud service provider over service levels, uptime, or performance. The absence of a clear exit plan complicated transitioning to a new provider, resulting in prolonged disputes and service disruptions.
In conclusion, the importance of having a good Cloud Exit Strategy cannot be overstated in today's rapidly evolving digital landscape. It is a proactive approach to navigating the uncertainties and challenges that may arise during a cloud journey. By investing time and resources in developing a comprehensive exit strategy, organisations can safeguard their data, maintain compliance, optimise costs, and ensure business continuity in the face of unforeseen events. As the adage goes, "Hope for the best, but plan for the worst," In cloud computing, a well-prepared exit strategy embodies that knowledge.
Get In Touch
Our update serves as a guide to help you understand these significant changes, offering insights into how they can be applied within your organisation to enhance information security and cloud service management. It's an essential read for anyone involved in compliance, security, and IT management, providing the knowledge and tools needed to navigate the complexities of today's digital environment confidently.
During your consultant's next visit, or by getting in touch with us directly, we can arrange for a team member to discuss how these changes impact your business and explore ways we can assist. Let's turn this update into an opportunity for growth and enhanced security in your operations. Reach out to us, and let's make sure your business stays ahead.