Centrally select and install malware detection and repair programs and update them regularly for preventive or regular scanning of computers and media.
Programs should check at least the following:
The organisation must determine its requirements for protection against malware. The following should be considered:
The organisation must define and implement organisational measures for protection against malware based on the defined requirements.
A process for updating malware protection also exists for systems that are not connected to a public network. Updating malware signatures can be arranged, for example, by using a managed, secured update retrieval server whose signature database is kept up to date, for example by manually transferring the signatures from a separate internet-connected system (e.g. 1-3 times a week), or by importing the signatures through an approved gateway solution. The assessment of whether the signature update frequency is sufficient must be related in the risk assessment to the characteristics of the environment in question, taking particular account of the frequency of other data transfer in the environment.
There should also be a pre-planned procedure for verifying the integrity of updates (source, checksums, signatures, etc.).
The organisation has identified the information systems in which malware protection software can provide additional protection.
Only software approved by the organization can be run on the devices. The organization should:
The malware protection software must block connections to malicious websites, for example by using deny listing. Not doing this is acceptable only if there is a clear, documented business need not to and the organisation fully understands and accepts the associated risks.
The malware protection software used by the organisation must be configured to automatically scan websites. The scan should be done when accessing a website.
The anti-malware software used by the organisation must be configured to automatically scan files. The scan should be done when a file is downloaded, when it is opened, and when it is opened from network storage.
The organisation must make sure that auto-run of software is disabled on all of its computers, networking equipment and other related devices.
Auto-run can allow serious cyber attacks, such as ransomware, to get into the organisation’s systems through downloaded software or compromised peripherals (e.g. a USB stick).
To strengthen protection against malware, our organization has defined additional measures for information at a higher protection level:
The organization has defined policies for regularly collecting up-to-date and reliable information about malware. Sources can be e.g. mailing lists, magazines, blogs from security software vendors, or security news sites.
The purpose of the data sources is to verify the information on malware, to distinguish scams from real malware and to ensure that the warnings received are truthful and informative.
The data systems (and their content) that support critical business processes are regularly reviewed to locate malware. All unauthorized files and changes will be formally investigated.
The organization must identify the types of websites that staff should and should not have access to.
The organization must consider blocking access to the following types of sites (either automatically or by other means):
The security of the data processing environment is tested. Testing takes into account the appropriate level of security and the level of implementation, integration and configuration. Security must be taken care of throughout the entire life cycle of the environment.
At least the following should be considered here:
Our organization has defined policies and measures to detect and prevent the usage of unauthorized hardware within the organization's network and infrastructure.
The organization regularly trains staff on the use of utilized malware protection, reporting malware attacks, and recovering from malware attacks.
Ensuring staff security awareness is an important part of protection against malware. Because of this, staff are regularly informed of new types of malware that may threaten them.
Our organization has defined policies in place to prevent or at least detect the use of unauthorized programs.
We always use malware protection systems from multiple vendors to improve the likelihood of detecting malware.
Our organization has defined policies in place to prevent or at least detect the use of unauthorized programs on mobile devices (e.g. smartphones, tablets).
The software that accompanies some documents (e.g. macros) also provides a large attack surface. To reduce this attack surface, one should remove unwanted software from external documents and emails before they reach the users, e.g. in the firewall, deactivate the option to run such software for users who do not need it, and explicitly allowlist software in documents that the users actually need, e.g. by using digital signatures.