T3.4.1 - P1 - CONTROLS AGAINST MALWARE
Malware includes, for example, viruses, worms, Trojan horses, and spyware. Malware can also be encoded in various formats (e.g., UUENCODE, Unicode), contained within compressed or hidden files, or hidden in files using steganography.
Protection against malware should be based on malware detection and repair software, security awareness, and appropriate system access and change management controls. The following guidance should be considered:
A. Establishing a formal policy prohibiting the use of unauthorized software;
B. Establishing a formal policy to protect against risks associated with obtaining files and software either from or via external networks, or on any other medium, indicating what protective measures should be taken;
C. Conducting regular reviews of the software and data content of systems supporting critical business processes; the presence of any unapproved files or unauthorized amendments should be formally investigated;
D. Installation and regular update of software that detects and eradicates malware, used to scan computers and media both as a precautionary control and on a routine basis; the checks carried out should include:
- Reviewing any files received over networks or via any form of storage medium, for malware before use;
- Reviewing electronic mail attachments and downloads for malware before use; this check should be carried out at several points, e.g. at electronic mail servers, on desktop computers and at the point where content enters the network of the entity;
- Checking web pages for malware;
E. Defining management procedures and responsibilities to deal with malware protection on systems, training in their use, reporting and recovering from malware attacks;
F. Preparing appropriate business continuity plans (refer to T9.2.2) for recovering from malware attacks, including all necessary data and software backup and recovery arrangements;
G. Implementing procedures to regularly collect information, such as subscribing to mailing lists and/or checking web sites giving information about new malware;
H. Implementing procedures to verify information relating to malware, and ensure that warning bulletins are accurate and informative; managers should ensure that qualified sources, e.g. reputable journals, reliable Internet sites or suppliers producing software protecting against malware, are used to differentiate between hoaxes and real malware; all users should be made aware of the problem of hoaxes and what to do on receipt of them;
I. Isolating environments in which a malware infection could have catastrophic impacts.
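The opening paragraph notes that malware may arrive encoded (UUENCODE, Unicode), compressed or nested inside other files, and item D requires files received over networks or on media to be checked before use. The consequence for the checking software is that a plain byte-signature match on the received file is not enough: the scanner has to unpack and decode each layer before matching, and it must bound that recursion so a deliberately deep or oversized archive cannot exhaust it. The following Python example is added here to illustrate that point; it is not part of the Standard. The signature string, the samples and the helper names (naive_scan, layered_scan, scan_or_quarantine, uuencode, zip_of, nested_zip, build_samples) are constructed for the illustration, and the size and depth limits are arbitrary placeholders rather than recommended values.

```python
"""Layered scanning of received files: unpack ZIP, decode uuencode and UTF-16, then match.

Added example, not part of the Standard: signature, samples and limits are constructed.
"""
from __future__ import annotations

import binascii
import io
import zipfile

SIGNATURE = b"CONSTRUCTED-MALWARE-MARKER"  # hypothetical stand-in for a real detection signature
MAX_DEPTH = 4                              # bound container recursion (archive in archive, ...)
MAX_INFLATED = 10_000_000                  # refuse members declaring more than 10 MB (bomb guard)


def naive_scan(data: bytes) -> bool:
    """Raw byte match only: misses anything encoded or compressed."""
    return SIGNATURE in data


def _uudecode(data: bytes) -> bytes | None:
    """Decode a uuencoded text block; None if the data is not uuencoded."""
    lines = data.splitlines()
    if not lines or not lines[0].startswith(b"begin "):
        return None
    out = bytearray()
    for line in lines[1:]:
        if line.strip() == b"end":
            break
        if not line:
            continue
        try:
            out += binascii.a2b_uu(line)
        except binascii.Error:
            return None
    return bytes(out)


def layered_scan(data: bytes, depth: int = 0) -> list[str]:
    """Return the chain of layers through which SIGNATURE was reached, e.g.
    ['zip:a.uue', 'uuencode', 'raw'], or [] if nothing matched. Raises ValueError on limits."""
    if depth > MAX_DEPTH:
        raise ValueError("nesting deeper than MAX_DEPTH; quarantine for manual review")
    if SIGNATURE in data:
        return ["raw"]
    if data[:4] == b"PK\x03\x04":                        # ZIP local file header magic
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size > MAX_INFLATED:        # declared size; real scanners also meter output
                    raise ValueError(f"{info.filename}: declared size over inflate limit")
                hit = layered_scan(zf.read(info), depth + 1)
                if hit:
                    return [f"zip:{info.filename}"] + hit
        return []
    decoded = _uudecode(data)
    if decoded is not None:
        hit = layered_scan(decoded, depth + 1)
        return ["uuencode"] + hit if hit else []
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):           # UTF-16 BOM: ASCII signature is NUL-interleaved
        try:
            text = data.decode("utf-16")
        except UnicodeDecodeError:
            return []
        hit = layered_scan(text.encode("utf-8"), depth + 1)
        return ["utf-16"] + hit if hit else []
    return []


def scan_or_quarantine(data: bytes) -> str:
    """Verdict a mail gateway or endpoint hook can act on; limit violations become quarantine."""
    try:
        chain = layered_scan(data)
    except (ValueError, zipfile.BadZipFile) as exc:
        return f"quarantine: {exc}"
    return "infected: " + " > ".join(chain) if chain else "clean"


def uuencode(data: bytes, name: str = "payload.bin") -> bytes:
    """Build a uuencoded block with classic 45-byte lines (constructed sample helper)."""
    body = b"".join(binascii.b2a_uu(data[i:i + 45]) for i in range(0, len(data), 45))
    return b"begin 644 " + name.encode() + b"\n" + body + b"`\nend\n"


def zip_of(members: dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def nested_zip(data: bytes, levels: int) -> bytes:
    for _ in range(levels):
        data = zip_of({"inner": data})
    return data


def build_samples() -> dict[str, bytes]:
    """Constructed samples: the same marker hidden three ways, plus a clean document."""
    uu = uuencode(b"prefix " + SIGNATURE)
    return {
        "clean": b"quarterly report, no payload",
        "uuencoded": uu,
        "zip_of_uuencode": zip_of({"readme.txt": b"nothing to see", "attachment.uue": uu}),
        "utf16": ("script: " + SIGNATURE.decode()).encode("utf-16"),
    }


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(f"{name:16} naive={naive_scan(blob)!s:5} layered={scan_or_quarantine(blob)}")
    print("deep nesting ->", scan_or_quarantine(nested_zip(SIGNATURE, MAX_DEPTH + 2)))
```

Run stand-alone, the script shows the naive match reporting all three hidden samples as clean while the layered scan names the container chain for each, and shows an over-deep archive being quarantined rather than inflated. The same shape of check belongs at each of the places item D lists (mail server, network entry point, desktop), since a file that passes one layer of decoding at the gateway may be re-wrapped before it reaches the endpoint.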
Additional measures can include:
- Monitor workstations, servers, and mobile devices for active, up-to-date anti-malware protection with anti-virus, anti-spyware, personal firewalls, and host-based IPS functionality
- Prevent content auto-run on laptops, workstations, and servers
- Scan information systems periodically and files coming from external sources (including email attachments) in real-time
- Periodically update the protection mechanisms
UAE Information Assurance Standard Chapter 05 Security Controls