ISO/IEC 27001 Control 5.25: Assessment and decision on information security events

The organization should assess information security events and decide if they are to be categorized as information security incidents.

MidPoint's contribution to implementation of this control is marginal.

Implementation of the control is mostly outside the scope of identity governance and administration (IGA), therefore midPoint cannot provide significant advantage. However, midPoint can still provide minor supporting information and functionality.

MidPoint can provide supplementary information for security event classification.

MidPoint can provide supplementary information for classification of security events. E.g. midPoint can provide information whether a user with compromised credentials had access to any systems, or whether the user was inactive. Application inventory can provide overview whether any users had access to vulnerable applications, and it can also provide hints whether vulnerable application was used at all.