Free ebook: NIS2 ready using ISO 27001 best practices
Download ebook

Selection and use of malware detection software on all devices

Critical
High
Normal
Low

Centrally select and install malware detection and repair programs and update them regularly for preventive or regular scanning of computers and media.

Programs should check at least the following:

  • files received over the network or storage media are scanned for malware before use
  • email attachments and downloaded files are scanned for malware before use
  • websites are scanned for malware
Connected other frameworks and requirements:
I09: Haittaohjelmasuojaus
12.2.1: Controls against malware
ISO 27001
12.2: Protection from malware
ISO 27001
DE.CM-4: Malicious code detection
NIST CSF
8.7: Protection against malware
ISO 27001

Automatically updating and running malware prevention software

Critical
High
Normal
Low

Malware protection systems automatically check for and install updates at desired intervals and also run the desired scans at the selected frequency without needed user actions.

Connected other frameworks and requirements:
I09: Haittaohjelmasuojaus
12.2.1: Controls against malware
ISO 27001
12.2: Protection from malware
ISO 27001
DE.CM-4: Malicious code detection
NIST CSF
8.7: Protection against malware
ISO 27001

Regular malware inspection of data systems supporting critical business processes

Critical
High
Normal
Low

The data systems (and their content) that support critical business processes are regularly reviewed to locate malware. All unauthorized files and changes will be formally investigated.

Connected other frameworks and requirements:
12.2.1: Controls against malware
ISO 27001
12.2: Protection from malware
ISO 27001
PR.DS-6: Integrity checking
NIST CSF
DE.CM-4: Malicious code detection
NIST CSF
8.7: Protection against malware
ISO 27001

Use malware systems from multiple vendors

Critical
High
Normal
Low

We always use malware systems from multiple vendors to improve the likelihood of detecting malware.

Connected other frameworks and requirements:
12.2.1: Controls against malware
ISO 27001
12.2: Protection from malware
ISO 27001
DE.CM-4: Malicious code detection
NIST CSF
No items found.