Control Purpose
The organization must collect threat information, analyze it in context, and turn it into usable intelligence for decisions.
Use A.5.7 Threat Intelligence for the detailed requirement, implementation guidance, audit checks, evidence expectations, and related ISO 27005 context.
Risk Logic
Related Risks
No published risk scenario is linked to this control yet. Create or link a risk note under the risk knowledge base before treating this control as fully mapped.
Implementation Activities
- Subscribe to trusted threat intelligence sources.
- Review vendor advisories and vulnerability alerts.
- Track indicators of compromise.
- Translate relevant intelligence into detection rules.
- Record monthly threat intelligence reviews.
Evidence Required
- Monthly threat intelligence review notes.
- IOC update records.
- SIEM rule updates.
- Vendor advisory review records.
Audit Questions
- AQ-ISO27001-A.5.7 Audit Question
- How does the organization collect and review threat intelligence?
- How does threat intelligence influence security monitoring?
- Show an example where threat intelligence led to an action.
ISO 27005 Link
This control supports risk identification, risk analysis, risk monitoring, and risk treatment by improving awareness of relevant threats.
ISO 27002 Link
Use ISO/IEC 27002 as implementation guidance for interpreting what effective threat intelligence practices look like.
Source Notes
Software Architecture Mapping
Relevant objects:
- control
- threat
- risk
- evidence
- audit_question
- review
- Iso27001
- ISO27002
- Annex a
- Control
- Threat intelligence
Note Metadata
Aliases: ISO27001-A.5.7, A.5.7 Control Card
Source: 06-Control-Knowledge-Base/ISO27001-A.5.7-Threat-Intelligence.md
Control dependency map
How this control connects to work products
Generated from the static research graph. It shows navigation and evidence dependencies; it is not an audit conclusion.
4
links
Requirement context
Primary control text, framework notes, or adjacent controls this note points to.
Audit checks
Audit questions, checklists, or review material connected to the control.
Risk treatment
Risk records and ISO 27005 material this control mitigates or supports.
Graph-sourced resources
Templates and evidence
Auditor evidence packs
Evidence collections and audit-facing verification material.
Risk treatment artifacts
Risk records, mappings, and treatment-supporting references.
Related Notes
- ISO27001 ISMS KB - Start Here
- ISO 27001 A.5.7 - Threat Intelligence
- AQ-ISO27001-A.5.7 Threat Intelligence
- EVID-0001 Monthly Threat Intelligence Review
- EVID-0002 IOC Update Record
- EVID-0003 SIEM Rule Update
- EVID-0004 Vendor Advisory Review
- ISO 27005 Risk Process Notes
- ISO 27002 Annex A Control Interpretation Map
- GRC Knowledge Model