Content library
Malware protection
Detecting unconfirmed mobile apps

Other tasks from the same security theme

Task name
Priority
Status
Theme
Policy
Other requirements
Selection and use of malware detection software on all devices
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
27
requirements

Examples of other requirements this task affects

12.2: Protection from malware
ISO 27001
12.2.1: Controls against malware
ISO 27001
I09: Haittaohjelmasuojaus
Katakri
6.5: Tietojärjestelmien asennus, ylläpito ja päivitys
Omavalvontasuunnitelma
DE.CM-4: Malicious code detection
NIST
See all related requirements and other information from tasks own page.
Go to >
Selection and use of malware detection software on all devices
1. Task description

Centrally select and install malware detection and repair programs and update them regularly for preventive or regular scanning of computers and media.

Programs should check at least the following:

  • files received over the network or storage media are scanned for malware before use
  • email attachments and downloaded files are scanned for malware before use
  • websites are scanned for malware
Defining requirements for malware protection
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
1
requirements

Examples of other requirements this task affects

5.2.3: Malware protection
TISAX
See all related requirements and other information from tasks own page.
Go to >
Defining requirements for malware protection
1. Task description

The organisation must determine what are the requirements for protection against malware. The following should be considered:

  • Risk assessment
  • Legal and regulatory requirements
  • Business and operational needs
  • Technology environment
  • Budget and resources

The organisation must define and implement organisational measures for protection against malware based on the defined requirments.

Haittaohjelmasuojaus julkisista verkoista eristetyissä järjestelmissä (TL III)
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
2
requirements

Examples of other requirements this task affects

TEK-11.2: Haittaohjelmilta suojautuminen - TL III
Julkri
I-09: MONITASOINEN SUOJAAMINEN – HAITTAOHJELMASUOJAUS
Katakri 2020
See all related requirements and other information from tasks own page.
Go to >
Haittaohjelmasuojaus julkisista verkoista eristetyissä järjestelmissä (TL III)
1. Task description

Haittaohjelmasuojauksen päivittämiseen on olemassa prosessi myös järjestelmille, joita ei ole kytketty kytketä julkiseen verkkoon. Haittaohjelmatunnisteiden päivitys voidaan järjestää esimerkiksi käyttämällä hallittua suojattua päivitystenhakupalvelinta, jonka tunnistekanta pidetään ajan tasalla esimerkiksi erillisestä internetiin kytketystä järjestelmästä tunnisteet käsin siirtämällä (esim. 1-3 kertaa viikossa), tai tuomalla tunnisteet hyväksytyn yhdyskäytäväratkaisun kautta. Tunnisteiden päivitystiheyden riittävyyden arviointi tulee suhteuttaa riskienarvioinnissa kyseisen ympäristön ominaispiirteisiin, erityisesti huomioiden ympäristön muun tiedonsiirron tiheyden.

Myös päivitysten eheydestä varmistumiseen tulisi olla ennalta suunniteltu menettelytapa (lähde, tarkistussummat, allekirjoitukset, jne.).

Haittaohjelmasuojaus tietojärjestelmissä (TL IV)
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
2
requirements

Examples of other requirements this task affects

TEK-11.1: Haittaohjelmilta suojautuminen
Julkri
I-09: MONITASOINEN SUOJAAMINEN – HAITTAOHJELMASUOJAUS
Katakri 2020
See all related requirements and other information from tasks own page.
Go to >
Haittaohjelmasuojaus tietojärjestelmissä (TL IV)
1. Task description

Organisaatio on tunnistanut tietojärjestelmät, joissa haittaohjelman torjuntaohjelmistoilla pystytään saamaan lisäsuojausta.

Whitelisting
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
8
requirements

Examples of other requirements this task affects

MWP-05: Whitelisting
Cyber Essentials
MWP: Application allow listing
Cyber Essentials
1.2.2: Establish organisational guidelines for approved devices and software
NSM ICT-SP
1.2.4: Identify the software in use at the organisation
NSM ICT-SP
2.3.2: Configure clients so that only software known to the organisation is able to execute
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Whitelisting
1. Task description

Only software approved by the organization can be run on the devices. The organization should:

  • Actively approve software before it is deployed
  • Maintain a list of approved software
  • Prevent users from installing unapproved software
  • Create a list of separately allowed extensions
  • Unauthorized extensions should be blocked
Blacklisting
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
1
requirements

Examples of other requirements this task affects

MWP-04: Blocking connections to malicious websites
Cyber Essentials
See all related requirements and other information from tasks own page.
Go to >
Blacklisting
1. Task description

The malware protection software must block connections to malicious websites using deny listing for example. Not doing this is acceptable only if there is clear documented business need not to and the organisation fully understands and accepts the associated risks.

Automatic website scan by malware protection software
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
2
requirements

Examples of other requirements this task affects

MWP-03: Automatic website scan by anti-malware software
Cyber Essentials
See all related requirements and other information from tasks own page.
Go to >
Automatic website scan by malware protection software
1. Task description

The malware protection software used by the organisation must be configured to automatically scan websites. The scan should be done when accessing a website.

Automatic file scan by malware protection software
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
3
requirements

Examples of other requirements this task affects

MWP-02: Automatic file scan by anti-malware software
Cyber Essentials
3.1.3: Use automated and centralised tools to handle known threats
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Automatic file scan by malware protection software
1. Task description

The anti-malware software used by the organisation must be configured to automatically scan files. The scan should be done when a file is downloaded, opened and when it is opened from network storage.

Disabling auto-run of software
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
2
requirements

Examples of other requirements this task affects

SEC-04: Disabling auto-run of software
Cyber Essentials
See all related requirements and other information from tasks own page.
Go to >
Disabling auto-run of software
1. Task description

The organisation must make sure that all of it’s computers, networking equipment and other related devices have auto-run of software is disabled.

Auto-run can cause serious cyber attacks, like ransomware, to get into the organisation’s systems through downloaded software or compromised peripherals (e.g usb-stick).

Laitteiden liityntöjen rajoittaminen (ST III-II)
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
1
requirements

Examples of other requirements this task affects

I09: Haittaohjelmasuojaus
Katakri
See all related requirements and other information from tasks own page.
Go to >
Laitteiden liityntöjen rajoittaminen (ST III-II)
1. Task description

Vahvistaaksemme haittaohjelmilta suojautumiselta organisaatiomme on määritellyt lisätoimenpiteet korkeamman suojaustason tiedoille:

  • Arvioidaan tarve järjestelmien USB-porttien ja vastaavien liityntöjen käytölle.
  • Tilanteissa, joissa liityntöjen käytölle ei ole kriittistä tarkastelua kestävää perustetta, liitynnät poistetaan käytöstä.
  • Tilanteissa, joissa liityntöjen käytölle on kriittistä tarkastelua kestävät perusteet, arvioidaan tapauskohtaisesti edellytykset ja ehdot, minkä mukaisia laitteistoja ja välineitä (esim. USB-muisteja) järjestelmään voidaan kytkeä.
Procedures and data sources for gathering reliable information about malware
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
7
requirements

Examples of other requirements this task affects

12.2: Protection from malware
ISO 27001
12.2.1: Controls against malware
ISO 27001
ID.RA-2: Cyber threat intelligence
NIST
8.7: Protection against malware
ISO 27001
ID.RA-2: Cyber threat intelligence is received from information sharing forums and sources.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Procedures and data sources for gathering reliable information about malware
1. Task description

The organization has defined policies that regularly collect up-to-date and reliable information about malware. Such can be e.g. mailing lists, magazines, blogs from security software vendors, or security news sites.

The purpose of the data sources is to verify the information on malware, to distinguish the scams from real malware and to ensure that the warnings received are truthful and informative.

Regular malware inspection of data systems supporting critical business processes
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
15
requirements

Examples of other requirements this task affects

12.2: Protection from malware
ISO 27001
12.2.1: Controls against malware
ISO 27001
PR.DS-6: Integrity checking
NIST
DE.CM-4: Malicious code detection
NIST
8.7: Protection against malware
ISO 27001
See all related requirements and other information from tasks own page.
Go to >
Regular malware inspection of data systems supporting critical business processes
1. Task description

The data systems (and their content) that support critical business processes are regularly reviewed to locate malware. All unauthorized files and changes will be formally investigated.

Detecting and blocking access to dangerous websites
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
6
requirements

Examples of other requirements this task affects

12.2: Protection from malware
ISO 27001
12.2.1: Controls against malware
ISO 27001
8.7: Protection against malware
ISO 27001
8.23: Web filtering
ISO 27001
CC6.8: Detection and prevention of unauthorized or malicious software
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Detecting and blocking access to dangerous websites
1. Task description

The organization must identify the types of websites that staff should and should not have access to.

The organization must consider blocking access to the following types of sites (either automatically or by other means):

  • websites with a file upload function, unless this is permitted for a specific business need
  • known or suspected malicious websites (e.g. distributing malware or containing phishing content)
  • command and control servers
  • websites distributing illegal content
Protection of programs in the data processing environment from network attacks
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
1
requirements

Examples of other requirements this task affects

I-13: MONITASOINEN SUOJAAMINEN KOKO ELINKAAREN AJAN – OHJELMISTOJEN SUOJAAMINEN VERKKOHYÖKKÄYKSILTÄ
Katakri 2020
See all related requirements and other information from tasks own page.
Go to >
Protection of programs in the data processing environment from network attacks
1. Task description

The security of the data processing environment is tested. Testing takes into account the appropriate level of security and the level of implementation, integration and configuration. Security must be taken care of throughout the entire life cycle of the environment.

At least the following should be considered here:

  • The purposes of use of the software (applications, services, systems) and the roles that may implement the security of the software have been identified.
  • The security needs of the software (applications, services, systems) have been assessed, taking into account in particular the intended use of the software and its possible role in implementing security, the attack surface area, and the nature and security class of the data being processed.
  • The software (applications, services, systems) dependencies and interfaces have been identified. Dependencies and interfaces have been assigned the same requirements as software, taking into account, for example, the used libraries, interfaces (APIs) and hardware bindings. The requirements take into account both the server-side and the client-side parts.
  • Critical software (applications, services, systems) is implemented or the implementation is checked as far as possible against a reliable standard and/or using safe programming guidelines.
  • It has been ensured that the software (applications, services, systems) program code quality maintenance, development and change management meet the needs throughout the entire life cycle.
  • It has been ensured that the software (applications, services, systems) meet the requirements derived from legislation.
Automatic blocking and detecting of unauthorized hardware
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
1
requirements

Examples of other requirements this task affects

ID.AM-1: Physical devices and systems used within the organization are inventoried.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Automatic blocking and detecting of unauthorized hardware
1. Task description

Our organization has defined policies and measures to detect and prevent the usage of unauthorized hardware within the organization's network and infrastructure.

Establish a allowlist for approved scripts
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Establish a allowlist for approved scripts
1. Task description

The organization implements a comprehensive strategy to block unauthorized scripts from executing by employing multiple security measures. These include the use of digital signatures to verify the authenticity of scripts, ensuring only signed by a trusted certificate authority are allowed to run.

Creating an allowlist for approved libraries
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
2
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Creating an allowlist for approved libraries
1. Task description

The organization implements an allowlist for approved libraries by requiring digital signatures from trusted certificate authorities for all libraries.

The organization uses application whitelisting to ensure only approved libraries load and configures security policies to block unapproved libraries.

Configuring automatic anti-malware scanning of removable media
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Configuring automatic anti-malware scanning of removable media
1. Task description

The organization configures anti-malware software to automatically scans a data transferred via removable media. This involves setting up the software to perform automatic scans on files when they are downloaded, opened, or accessed from network storage, including removable media like USB drives and other external storage devices. Any files transferred via these media are promptly scanned for malware before they can be utilized.

Enabling features of anti-exploitation
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
1
requirements

Examples of other requirements this task affects

No items found.
See all related requirements and other information from tasks own page.
Go to >
Enabling features of anti-exploitation
1. Task description

The protection of programs within the data processing environment is ensured by integrating and configuring features such as Microsoft Data Execution Prevention (DEP), Windows Defender Exploit Guard (WDEG), Apple System Integrity Protection (SIP), and Gatekeeper.

In parallel, system hardening is performed by adjusting settings and limiting systems to essential functionalities, thereby reducing potential vulnerabilities and aligning with anti-exploitation practices like those provided by DEP and WDEG.

Instructing and training staff regarding malware
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
16
requirements

Examples of other requirements this task affects

12.2: Protection from malware
ISO 27001
7.2.2: Information security awareness, education and training
ISO 27001
12.2.1: Controls against malware
ISO 27001
I09: Haittaohjelmasuojaus
Katakri
TEK-11: Haittaohjelmilta suojautuminen
Julkri
See all related requirements and other information from tasks own page.
Go to >
Instructing and training staff regarding malware
1. Task description

The organization regularly trains staff on the use of utilized malware protection, reporting malware attacks, and recovering from malware attacks.

Informing staff about new, relevant malware
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
5
requirements

Examples of other requirements this task affects

12.2: Protection from malware
ISO 27001
7.2.2: Information security awareness, education and training
ISO 27001
12.2.1: Controls against malware
ISO 27001
WORKFORCE-2: Increase Cybersecurity Awareness
C2M2
2.1.3: Staff training
TISAX
See all related requirements and other information from tasks own page.
Go to >
Informing staff about new, relevant malware
1. Task description

Ensuring staff security awareness is an important part of protection against malware. Because of this, staff are regularly informed of new types of malware that may threaten them.

Automatic blocking and detecting of unauthorized software
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
17
requirements

Examples of other requirements this task affects

12.2: Protection from malware
ISO 27001
12.2.1: Controls against malware
ISO 27001
DE.CM-5: Unauthorized mobile code detection
NIST
8.7: Protection against malware
ISO 27001
5.2.3: Malware protection
TISAX
See all related requirements and other information from tasks own page.
Go to >
Automatic blocking and detecting of unauthorized software
1. Task description

Our organization has defined policies in place to prevent or at least detect the use of unauthorized programs.

Use malware systems from multiple vendors
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
4
requirements

Examples of other requirements this task affects

12.2: Protection from malware
ISO 27001
12.2.1: Controls against malware
ISO 27001
DE.CM-4: Malicious code detection
NIST
DE.CM-4: Malicious code is detected.
CyberFundamentals
See all related requirements and other information from tasks own page.
Go to >
Use malware systems from multiple vendors
1. Task description

We always use malware systems from multiple vendors to improve the likelihood of detecting malware.

Detecting unconfirmed mobile apps
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
5
requirements

Examples of other requirements this task affects

12.2: Protection from malware
ISO 27001
12.2.1: Controls against malware
ISO 27001
SEC-03: Removing unnecessary software and network services
Cyber Essentials
DE.CM-5: Unauthorized mobile code is detected.
CyberFundamentals
2.3.2: Configure clients so that only software known to the organisation is able to execute
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Detecting unconfirmed mobile apps
1. Task description

Our organization has defined policies in place to prevent or at least detect the use of unauthorized programs on mobile devices (e.g. smartphones, tablets).

Minimize the risk posed by the software that accompanies documents
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Technical cyber security
Malware protection
1
requirements

Examples of other requirements this task affects

2.3.2: Configure clients so that only software known to the organisation is able to execute
NSM ICT-SP
See all related requirements and other information from tasks own page.
Go to >
Minimize the risk posed by the software that accompanies documents
1. Task description

The software that accompanies some documents (e.g. macros) also provides a large attack surface. To reduce this attack surface, one should remove unwanted software from external documents and emails before they reach the users, e.g. in the firewall, deactivate the option to run such software for users who do not need it, and explicitly allowlist software in documents that the users actually need, e.g. by using digital signatures.

Universal cyber compliance language model: Comply with confidence and least effort

In Cyberday, all frameworks’ requirements are mapped into universal tasks, so you achieve multi-framework compliance effortlessly.

Security frameworks tend to share the common core. All frameworks cover basic topics like risk management, backup, malware, personnel awareness or access management in their respective sections.
Cyberday’s universal cyber security language technology creates you a single security plan and ensures you implement the common parts of frameworks just once. You focus on implementing your plan, we automate the compliance part - for current and upcoming frameworks.
Start your free trial
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.