ISO/IEC 27001 Control 5.25: Assessment and decision on information security events
Control
The organization should assess information security events and decide if they are to be categorized as information security incidents.
Necessity of MidPoint
MidPoint's contribution to implementation of this control is marginal.
Implementation of the control is mostly outside the scope of identity governance and administration (IGA), therefore midPoint cannot provide significant advantage. However, midPoint can still provide minor supporting information and functionality.
Implementation Overview
MidPoint can provide supplementary information for security event classification.
Implementation Details
E.g. midPoint can provide information whether a user with compromised credentials had access to any systems, or whether the user was inactive. Application inventory can provide overview whether any users had access to vulnerable applications, and it can also provide hints whether vulnerable application was used at all.
Rationale
MidPoint can provide supplementary information for classification of security events.