protection_against_malware
Differences
This shows you the differences between two versions of the page.
| protection_against_malware [2025/08/18 05:09] – created tijs | protection_against_malware [2025/08/18 05:30] (current) – tijs | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | **Protection against malware**\\ | + | ====== |
| + | |||
| + | ^ Control type ^ Information Security Properties | ||
| + | | Preventative\\ Detective\\ Corrective | ||
| + | |||
| + | ===== Purpose ===== | ||
| + | |||
| + | The purpose is to ensure information and other associated assets are protected against malware. | ||
| + | |||
| + | ===== Definition ===== | ||
| + | |||
| + | Protection against malware should be implemented and supported by appropriate user awareness. | ||
| + | |||
| + | ===== Implementation Guide ===== | ||
| + | |||
| + | ==== Topic Specific Policy ==== | ||
| + | |||
| + | Ensure that the policy Protection Against Malware is in place | ||
| + | |||
| + | ==== Education ==== | ||
| + | Implement security awareness around malware. ensure that personel understands what malware is and how to respond. | ||
| + | |||
| + | ==== Antivirus Software ==== | ||
| + | Ensure that Antivirus software is installed and that updates and definition files are automatically installed. Scans and reporting back should also be in place. | ||
| + | |||
| + | ==== Allowlisting Websites ==== | ||
| + | Access to potentially malicious or dangerous websites should be blocked or managed. | ||
| + | |||
| + | ==== Email ==== | ||
| + | Additional tools that support the prevention of, and scanning for, malware in emails are to be considered and implemented where possible. | ||
| + | |||
| + | ==== Business Continuity ==== | ||
| + | Business continuity and the ability to recover from an event are an important part of the ISO 27001 standard and as fall back for a failure in this control. The usual rules on having a plan and testing the plan are in play here. | ||
| + | |||
| + | ==== Threat Intelligence ==== | ||
| + | Ensure to have access to bulletins, news letters and sources of information on emerging malware threats should be incorporated into processes and risk planning so that you can have a process of continual improvement that will seek to mitigate those threats. | ||
| + | |||
| + | ==== Technical vulnerability management ==== | ||
| + | Solid technical vulnerability management is part of the standard and links to this control by removing services that are not needed, blocking those not needed that cannot be removed and having solid configuration and technical management practices in place. | ||
| + | |||
| + | ===== How to pass the audit ===== | ||
| + | ==== Have a Protection Against Malware Policy ==== | ||
| + | You will implement a topic specific policy that sets out what you do for the protection against malware. | ||
| + | |||
| + | ==== Assess your threats for malware and perform a risk assessment ==== | ||
| + | For each asset type perform a risk assessment. Based on the risk assessment implement the appropriate controls to mitigate the risk. | ||
| + | |||
| + | ==== Implement technical controls for the prevention of malware ==== | ||
| + | Based on risk and business need implement the technical controls to protect from malware such as antivirus software, email security software, anti phishing technologies, | ||
| + | |||
| + | ==== Implement process controls for the prevention of malware ==== | ||
| + | Implement training and communication. Ensure there is a program of awareness and education. Implement appropriate response plans that includes incident response, back up and recovery, disaster recovery. | ||
| + | |||
| + | ==== Keep records ==== | ||
| + | For audit purposes you will keep records. Examples of the records to keep include changes, updates, monitoring, review and audits. | ||
| + | |||
| + | ==== Test the controls that you have to make sure they are working ==== | ||
| + | Perform internal audits that include the testing of the controls to ensure that they are working. | ||
| + | |||
| + | ===== Top 3 Mistakes ===== | ||
| + | |||
| + | ==== Weak or no antivirus ==== | ||
| + | A common mistake is having weak or no anti malware solution in place. There may be occasions where this is not possible and that is ok. You mange it with compensating controls and via risk management, but where it is possible it should be installed, operating and up to date. | ||
| + | |||
| + | ==== You rely only on antivirus ==== | ||
| + | Another common mistake for this control is only relying on antivirus or anti malware technology. The control is specific about the support via education and user awareness. Be sure to incorporate education and awareness into your plans and consider the other guidance provided above. | ||
| + | |||
| + | ==== Your document and version control is wrong ==== | ||
| + | Keeping your document version control up to date, making sure that version numbers match where used, having a review evidenced in the last 12 months, having documents that have no comments in are all good practices. | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
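Review bot: two of the added paragraphs are unfinished and should be completed before this revision is published: the "Implement technical controls" paragraph stops mid-list on a trailing comma (`anti phishing technologies,`), and the "Threat Intelligence" paragraph runs two sentences into one (`Ensure to have access to bulletins, news letters and sources of information on emerging malware threats should be incorporated into processes and risk planning`); suggest finishing the first list and splitting the second into "Ensure you have access to bulletins, newsletters and other sources of information on emerging malware threats. Incorporate these into processes and risk planning so that there is a process of continual improvement that seeks to mitigate those threats." The summary table row at the top shows only the control types (`Preventative\\ Detective\\ Corrective`) with the Information Security Properties cell empty in the diff as rendered; confirm that cell is populated in the page source, since it is the one place the page states which properties (confidentiality, integrity, availability) the control protects. Minor spelling and punctuation: "personel" should be "personnel", "mange" should be "manage", "news letters" should be "newsletters", and the "Topic Specific Policy" sentence lacks a full stop.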
protection_against_malware.txt · Last modified: by tijs
