Malicious and mobile code protection is critically important.
New variants of malicious code are released every day, while mobile code risks remain persistent and prevalent. Having anti-virus installed on information systems is no longer sufficient to protect organizations. Just because an organization has anti-virus software installed on its information systems does not mean that it is completely immune to new, emerging threats.
Malicious code and mobile code protection needs to be effectively managed.
- Continually update malware detection signatures to safeguard against newly discovered or released threats.
- Detection, prevention, and recovery controls should be implemented to protect against malicious software, or malware.
- Technical controls should be combined with appropriate awareness training for all personnel.
- Any mobile code should be authorized prior to its installation and use.
- Implement an approved configuration to ensure that authorized mobile code operates only as intended.
Security measures should be implemented to support the timely installation and upgrades of preventive measures.
- Install regular or automatic updates of anti-virus, anti-spam, and anti-spyware software.
- Update signature definition files whenever new updates are made available.
- Require periodic reviews and scans of all installed software and the data content of information systems to identify and, where possible, remove any unauthorized software or code.
- Actively run anti-malware mechanisms on all information systems.
- Submit and approve an exception request if disabling anti-virus is required for a temporary period.
- Monitor end-user permissions required to disable or alter anti-virus mechanisms unless specifically authorized by management on a case-by-case basis for a limited time period for testing purposes.
These malicious code protections are the focus of pitfall #48 in my eBook, Security Program Pitfalls and Prescription to Avoid Them.