The measures referred to in paragraph 1 shall be based on an all-hazards approach that aims to protect network and information systems and the physical environment of those systems from incidents, and shall include measures for incident handling.
Centrally select and install malware detection and repair programs and update them regularly for preventive or regular scanning of computers and media.
Programs should check at least the following:
Malware protection systems automatically check for and install updates at desired intervals and also run the desired scans at the selected frequency without needed user actions.
The development of system logs must keep pace with the development of the system and enable, for example, the necessary resolution of incidents. In connection with the data system list, we describe for which systems we are responsible for the implementation of the logging. For these systems, we document:
Often, security tools provide a way to set alert policies when something potentially dangerous happens in an organization's environment. For example, Microsoft 365 has built-in alert policies to alert you to abuse of administrator privileges, malware, potential internal and external risks, and data security risks.
The organization must identify security-related events in data systems and the environments in which they operate. To respond to changes related to these events, alarm policies must be created.
Alarm policies need to be actively monitored and modified based on experience.
The data systems (and their content) that support critical business processes are regularly reviewed to locate malware. All unauthorized files and changes will be formally investigated.
The organization must be aware of the logs that accrue from the use of different data systems, whether generating the logs is the responsibility of the organization or the system provider. Logs record user actions as well as anomalies, errors, and security incidents.
The adequacy of log should be reviewed regularly. If necessary, log should be usable to determine the root causes for system incidents.
System logs often contain a wealth of information, much of which is irrelevant to security monitoring. In order to identify events relevant to security monitoring, consideration should be given to automatically copying appropriate message types to another log or to using appropriate utilities or audit tools to review and resolve files.
The organization regularly trains staff on the use of utilized malware protection, reporting malware attacks, and recovering from malware attacks.
In Cyberday, all frameworks’ requirements are mapped into universal tasks, so you achieve multi-framework compliance effortlessly.
.png)
Elevate Your Knowledge with Exclusive Access to Weekly Webinars, Video Courses, Help Articles, and Blogs.
