3.3.16 Threat Management
No: 381000091275 | Date(g): 24/5/2017 | Date(h): 28/8/1438
Effective from May 24 2017 - May 23 2017
Principle
The Member Organization should define, approve and implement a threat intelligence management process to identify, assess and understand threats to the Member Organization information assets, using multiple reliable sources. The effectiveness of this process should be measured and periodically evaluated.
Objective
To obtain an adequate understanding of the Member Organization’s emerging threat posture.
Control considerations
1. The threat intelligence management process should be defined, approved and implemented.
2. The effectiveness of the threat intelligence management process should be measured and periodically evaluated.
3. The threat intelligence management process should include:
   a. the use of internal sources, such as access control, application and infrastructure logs, IDS, IPS, security tooling, Security Information and Event Monitoring (SIEM), support functions (e.g., Legal, Audit, IT Helpdesk, Forensics, Fraud Management, Risk Management, Compliance);
   b. the use of reliable and relevant external sources, such as Saudi Central Bank, government agencies, security forums, (security) vendors, security organizations and specialist notification services;
   c. a defined methodology to analyze the threat information periodically;
   d. the relevant details on identified or collected threats, such as modus operandi, actors, motivation and type of threats;
   e. the relevance of the derived intelligence and the actionability for follow-up (e.g., SOC, Risk Management);
   f. sharing the relevant intelligence with the relevant stakeholders (e.g., Saudi Central Bank, BCIS members).