Malicious Code Protection
Malicious and mobile code protection is critically important.
New variants of malicious code are released every day, while mobile code risks remain persistent and prevalent. Having anti-virus installed on information systems is no longer sufficient to protect organizations. Just because an organization has anti-virus software installed on its information systems does not mean that it is completely immune from new, emerging threats.
Malicious code and mobile code protection needs to be effectively managed.
Continually update malware detection signatures to safeguard against newly discovered or released threats.
Detection, prevention, and recovery controls should be implemented to protect against malicious software, or malware.
Technical controls should be combined with appropriate awareness training for all personnel.
Any mobile code should be authorized prior to its installation and use.
Implement an approved configuration to ensure that authorized mobile code operates only as intended.
Security measures should be implemented to support the timely installation and upgrades of preventive measures.
Install regular or automatic updates of anti-virus, anti-spam, and anti-spyware software.
Update signature definition files whenever new updates are made available.
Require periodic reviews and scans of all installed software and the data content of information systems to identify and, where possible, remove any unauthorized software or code.
Actively run anti-malware mechanisms on all information systems.
Submit and approve an exception request if disabling anti-virus is required for a temporary period.
Monitor the end-user permissions required to disable or alter anti-virus mechanisms, unless specifically authorized by management on a case-by-case basis for a limited time period for testing purposes.
These malicious code protections are the focus of pitfall #48 in my eBook, Security Program Pitfalls and Prescription to Avoid Them.