Content library
TISAX: Information security
5.2.3: Malware protection

How to fill the requirement

Task name
Priority
Status
Theme
Policy
Other requirements
Selection and use of malware detection software on all devices
Technical cyber security
Malware protection
22 requirements

Task is fulfilling also these other security requirements

I09: Malware protection
Katakri
12.2.1: Controls against malware
ISO27 Full
12.2: Protection from malware
ISO27 Full
6.5: Installation, maintenance and updating of information systems
Self-monitoring
DE.CM-4: Malicious code detection
NIST
1. Task description

Centrally select and install malware detection and repair programs and update them regularly for preventive or regular scanning of computers and media.

Programs should check at least the following:

  • files received over the network or storage media are scanned for malware before use
  • email attachments and downloaded files are scanned for malware before use
  • websites are scanned for malware

Automatically updating and running malware prevention software
System management
Update and patch management
19 requirements

Task is fulfilling also these other security requirements

I09: Malware protection
Katakri
12.2.1: Controls against malware
ISO27 Full
12.2: Protection from malware
ISO27 Full
6.5: Installation, maintenance and updating of information systems
Self-monitoring
MWP-01: Keeping anti-malware software up to date
Cyber Essentials
1. Task description

Malware protection systems automatically check for and install updates at the desired intervals and run the desired scans at the selected frequency without requiring user action.

Defining requirements for malware protection
Technical cyber security
Malware protection
1 requirement

Task is fulfilling also these other security requirements

5.2.3: Malware protection
TISAX
1. Task description

The organisation must determine its requirements for protection against malware. The following should be considered:

  • Risk assessment
  • Legal and regulatory requirements
  • Business and operational needs
  • Technology environment
  • Budget and resources

The organisation must define and implement organisational measures for protection against malware based on the defined requirements.

Defined security arrangements for providing critical network equipment
Partner management
Supplier security
12 requirements

Task is fulfilling also these other security requirements

13.1.2: Security of network services
ISO27 Full
15.2.1: Monitoring and review of supplier services
ISO27 Full
ID.BE-5: Resilience requirements
NIST
DE.CM-1: The network monitoring
NIST
5.22: Monitoring, review and change management of supplier services
ISO27k1 Full
1. Task description

The security arrangements required for critical online services, such as security features, service levels, and management requirements, are carefully defined in advance. Online services include e.g. connections, networks and network security solutions (e.g. firewalls).

The security features of online services can be e.g. the following:

  • required security-related technologies such as authentication, encryption technology, and network connection management tools
  • the technical parameters required for a secure connection to network services
  • online service usage criteria that restrict access to the online service or applications as needed

Network areas and structurally secure network design
Technical cyber security
Network security
16 requirements

Task is fulfilling also these other security requirements

13.1.3: Segregation in networks
ISO27 Full
PR.AC-5: Network integrity
NIST
8.22: Segregation of networks
ISO27k1 Full
ARCHITECTURE-2: Implement Network Protections as an Element of the Cybersecurity Architecture
C2M2: MIL1
CC6.6: Logical access security measures against threats from sources outside system boundaries
SOC 2
1. Task description

An owner is defined for an organization's networks. The owner is responsible for planning the structure of the network and documenting it.

Separate network areas are used in network design as needed. Domain areas can be defined by e.g.:

  • trust level (e.g. public, workstations, server)
  • organizational units (e.g. HR, financial management)
  • or by some combination (for example, a server domain that is connected to multiple organizational units)

Separation can be implemented either with physically separate networks or with logically separate networks.

Monitoring the use of the network and information systems to identify anomalies
Technical cyber security
Security systems and logging
16 requirements

Task is fulfilling also these other security requirements

8.16: Monitoring activities
ISO27k1 Full
6.11: Secure use of platform and network services with regard to data protection and preparedness
Tietoturvasuunnitelma
I-11: MULTI-LAYERED PROTECTION – ANOMALY DETECTION CAPABILITY AND RECOVERY
Katakri 2020
5.2.3: Malware protection
TISAX
DE.CM-1: The network is monitored to detect potential cybersecurity events.
CyFun
1. Task description

The organization's data systems and network must be monitored to detect abnormal use. When anomalies are detected, the organization must take the necessary measures to assess the possibility of a security incident.

Monitoring should use tools that enable real-time or regular monitoring, taking into account the organization's requirements. Monitoring practices should be able to handle large amounts of data, adapt to a changing threat environment, and send alerts immediately when necessary.

Inclusion of the following sources in the monitoring system should be considered:

  • outbound and inbound network and data system traffic
  • access to critical data systems, servers, network devices and the monitoring system itself
  • critical system and network configuration files
  • logs from security tools (e.g. antivirus, IDS, IPS, network filters, firewalls)

The organization must also establish procedures for identifying and correcting "false positive" results, including tuning monitoring software for more accurate anomaly detection.

Instructing and training staff regarding malware
Technical cyber security
Malware protection
13 requirements

Task is fulfilling also these other security requirements

I09: Malware protection
Katakri
12.2.1: Controls against malware
ISO27 Full
12.2: Protection from malware
ISO27 Full
7.2.2: Information security awareness, education and training
ISO27 Full
TEK-11: Protection against malware
Julkri
1. Task description

The organization regularly trains staff on using the malware protection in place, reporting malware attacks, and recovering from malware attacks.

Automatic blocking and detecting of unauthorized software
Technical cyber security
Malware protection
12 requirements

Task is fulfilling also these other security requirements

12.2.1: Controls against malware
ISO27 Full
12.2: Protection from malware
ISO27 Full
DE.CM-5: Unauthorized mobile code detection
NIST
8.7: Protection against malware
ISO27k1 Full
5.2.3: Malware protection
TISAX
1. Task description

Our organization has defined policies in place to prevent or at least detect the use of unauthorized programs.
