Malware protection

Centrally select and install malware detection and repair programs and update them regularly for preventive or regular scanning of computers and media.

Programs should check at least the following:

• files received over the network or storage media are scanned for malware before use
• email attachments and downloaded files are scanned for malware before use
• websites are scanned for malware

Malware protection systems automatically check for and install updates at desired intervals and also run the desired scans at the selected frequency without needed user actions.

The organisation must determine what are the requirements for protection against malware. The following should be considered:

• Risk assessment
• Legal and regulatory requirements
• Business and operational needs
• Technology environment
• Budget and resources

The organisation must define and implement organisational measures for protection against malware based on the defined requirments.

The security arrangements required for critical online services, such as security features, service levels, and management requirements, are carefully defined in advance. Online services include e.g. connections, networks and network security solutions (e.g. firewalls).

The security features of online services can be e.g. the following:

• required security-related technologies such as authentication, encryption technology, and network connection management tools
• the technical parameters required for a secure connection to network services
• online service usage criteria that restrict access to the online service or applications as needed

An owner is defined for an organization's networks. The owner is responsible for planning the structure of the network and documenting it.

Separate network areas are used in network design as needed. Domain areas can be defined by e.g.:

• trust level (eg public, workstations, server)
• organizational units (eg HR, financial management)
• or by some combination (for example, a server domain that is connected to multiple organizational units)

Separation can be implemented either with physically separate networks or with logically separate networks.

Organization's data systems and network must be monitored to detect abnormal use. When anomalities are detected, the organization must take the necessary measures to assess the possibility of security incident.

The monitoring should utilize tools that enable real-time or regular monitoring, taking into account the organization's requirements. Monitoring practices should be able to manage large amounts of data, adapt to changing threat environment, and send alerts immediately when necessary.

Inclusion of the following sources in the monitoring system should be considered:

• outbound and inbound network and data system traffic

  li>

• access to critical data systems, servers, network devices and the monitoring system itself
• critical system and network configuration files
• logs from security tools (e.g. antivirus, IDS, IPS, network filters, firewalls)

Organization must also establish procedures for identifying and correcting "false positive" results, including tuning monitoring software for more accurate anomaly detection.

The organization regularly trains staff on the use of utilized malware protection, reporting malware attacks, and recovering from malware attacks.

Our organization has defined policies in place to prevent or at least detect the use of unauthorized programs.