How to Prepare for ISO 27001:2022

WHat is iso 27001:2022

ISO 27001 is a standard for information security management systems (ISMS), designed to help organizations build resilience to cyberattacks, preparedness for new threats, and maintain data confidentiality, integrity, and availability. Compliance with ISO 27001 demonstrates to third parties – whether they are customers, partners, or investors – that an organization has systems in place to manage risks related to data security.

ISO 27001:2022 is an update of the previous 2013 standard and organizations need to comply with the new requirements by the end of October 2025. While that may seem like a long time away, it really isn’t when you consider all of the work that goes into the process of compliance: introducing additional controls, introducing new policies and procedures to document how you fulfill those controls, and having enough time to evidence that you have met the controls.

In this blog I am going to provide a short overview of some of the new elements of ISO 27001:2022 and give some advice, based on my own experience, on how CISOs and compliance managers can approach this new standard.

Looking for a quick overview? You can also watch my video for a summary in less than five minutes: 

What are the Biggest Changes in ISO 27001:2022?

There are a number of changes in the 2022 update of the ISO 27001 standard. This includes some reformatting of controls that were already required in the 2013 version but there are also some completely new thematic areas that organizations will now need to demonstrate their compliance against.

These additional requirements include (but are not limited to) data leak prevention, web filtering, business continuity of ICT systems, physical security monitoring, management of configuration changes, secure coding, and threat intelligence.

I’m going to focus on the threat intelligence requirement (Annex A, Control 5.7), which may be a completely new area for some organizations that don’t already have processes in place to collect and analyze information about threats.

What is meant by threat intelligence in the iso 27001:2022 standard?

The ISO 27001:2022 standard has very particular wording around the threat intelligence requirements: organizations have to be able to demonstrate a process for “collecting” and “analyzing” threat intelligence.

This means that the organization has to understand:

• Which threat actors could target their organization.
• The threat models they need to apply to their systems.
• The vulnerabilities that exist in their systems.
• The exploits that exist and could be used against those vulnerabilities.

They need to demonstrate that they collect information associated with each of these points and that the organization is able to analyze that intelligence, building it into threat assessments.

what software do you need to gather threat intelligence?

The software an organization needs to gather the necessary information about threats falls into two categories:

1. 1. Software that enables them to gather intelligence on threat actors – to facilitate understanding of who the business’s adversaries are, what they are doing, their motivations, and their capabilities.
   2. Software that gives them visibility into the threats within their IT estate – to identify the vulnerabilities that exist and could be potentially exploited by the threat actors they have identified.

Ideally, an organization will have software that combines these two elements – that can map all of the IT real estate, associate it with the vulnerabilities that exist, knowledge about how it could be exploited, and intelligence on the threat actors who could attempt to exploit those vulnerabilities. This is something that our dark web monitoring tool, DarkIQ, offers.

how can searchlight cyber help with iso 27001:2022?

One of the challenges of compliance is ensuring all of the policies, processes, and procedures are well documented and – critically – that the organization can evidence them. This is where a robust threat intelligence platform can have a great impact.

We used our product DarkIQ to demonstrate our compliance with the threat intelligence requirements of ISO 27001:2022. DarkIQ meets both the “collection” and “analysis” stipulations in an automated manner – continuously gathering threat intelligence, analyzing it, and presenting it to the end user in a non-technical format that makes it easy to make accurate and timely risk-based decisions.

This gave us the ability to demonstrate to the auditor that we are able to quickly identify threats that could impact our business. For example, DarkIQ would identify any staff credentials that are being sold or leaked, evidencing that we have the visibility we need to quickly take mitigative action against that risk.

DarkIQ also allowed us to show that we have full visibility of our IT infrastructure, all of the vulnerabilities that exist, and the known exploits that exist for those vulnerabilities – enabling us to take a risk-based approach to remediation.