Centrally select and install malware detection and repair programs and update them regularly for preventive or regular scanning of computers and media.
Programs should check at least the following:
Malware protection systems automatically check for and install updates at desired intervals and also run the desired scans at the selected frequency without requiring user action.
The organisation must determine the requirements for protection against malware. The following should be considered:
The organisation must define and implement organisational measures for protection against malware based on the defined requirements.
The security arrangements required for critical online services, such as security features, service levels, and management requirements, are carefully defined in advance. Online services include e.g. connections, networks and network security solutions (e.g. firewalls).
The security features of online services can be e.g. the following:
An owner is defined for an organization's networks. The owner is responsible for planning the structure of the network and documenting it.
Separate network areas are used in network design as needed. Domain areas can be defined by e.g.:
Separation can be implemented either with physically separate networks or with logically separate networks.
The organization's data systems and network must be monitored to detect abnormal use. When anomalies are detected, the organization must take the necessary measures to assess the possibility of a security incident.
The monitoring should utilize tools that enable real-time or regular monitoring, taking into account the organization's requirements. Monitoring practices should be able to manage large amounts of data, adapt to a changing threat environment, and send alerts immediately when necessary.
Inclusion of the following sources in the monitoring system should be considered:
The organization must also establish procedures for identifying and correcting "false positive" results, including tuning monitoring software for more accurate anomaly detection.
The organization regularly trains staff on using the malware protection in place, reporting malware attacks, and recovering from malware attacks.
Our organization has defined policies in place to prevent or at least detect the use of unauthorized programs.