Part of the Cyber Maturity series of articles, this section focuses on Malware Prevention.
Quoting the 10 Steps to Cyber Security Guidance Sheets:
Any information exchange carries a degree of risk as it could expose the organisation to malicious code and content (malware) which could seriously damage the confidentiality, integrity and availability of the organisation’s information and Information and Communications Technologies (ICT) on which it is hosted. The risk may be reduced by implementing security controls to manage the risks to all business activities.
The specific recommendations are:
- Develop and publish corporate policies
- Establish anti-malware defences across the organisation
- Scan for malware across the organisation
- Manage all data import and export
- Blacklist malicious web sites
- Provide dedicated media scanning machines
- Establish malware defences
- User education and awareness
What are your experiences in this area? How are you managing these controls?
Please share with the community in the comments area below.
- Malware Defences from SANS.
- CESG Good Practice Guide No. 7 (GPG7), Protection from Malicious Code
- PSN Common Standard for Malware Protection
Where is good practice referenced? Please let the community know in the comments area below.
The pages referenced in this series of blog articles are derived from the 10 Steps to Cyber Security Guidance Sheets published by BIS and GCHQ in this press release.
The documents are Crown Copyright and used here with permission under the government open license.