Malicious and mobile code protection is critically important.

New variants of malicious code are released every day, while mobile code risks remain persistent and prevalent. Having anti-virus installed on information systems is no longer sufficient to protect organizations. Just because an organization has anti-virus software installed on its information systems does not mean that it is completely immune from new, emerging threats.

Malicious code and mobile code protection needs to be effectively managed.

  • Continually update malware detection signatures to safeguard against newly discovered or released threats.
  • Detection, prevention, and recovery controls should be implemented to protect against malicious software, or malware.
  • Technical controls should be combined with appropriate awareness training for all personnel.
  • Any mobile code should be authorized prior to its installation and use.
  • Implement an approved configuration to ensure that authorized mobile code operates only as intended.

Security measures should be implemented to support the timely installation and upgrades of preventive measures.

  • Install regular or automatic updates of anti-virus, anti-spam, and anti-spyware software.
  • Update signature definition files whenever new updates are made available.
  • Require periodic reviews and scans of all installed software and the data content of information systems to identify and, where possible, remove any unauthorized software or code.
  • Actively run anti-malware mechanisms on all information systems.
  • Submit and approve an exception request if disabling anti-virus is required for a temporary period.
  • Monitor end users' permissions required to disable or alter anti-virus mechanisms unless specifically authorized by management on a case-by-case basis for a limited time period for testing purposes.

These malicious code protections are the focus of pitfall #48 in my eBook, Security Program Pitfalls and Prescription to Avoid Them.