Protection against malware should be implemented and supported by appropriate user awareness.
Protection against malware in information security refers to the various measures and technologies that are used to detect and prevent malware from infecting or compromising a computer or network. Malware, short for malicious software, encompasses a wide variety of harmful software such as viruses, worms, Trojan horses, ransomware, and adware.
Some common methods used for protection against malware include, but are not limited to:
- Anti-virus and anti-malware Policy & Procedures: It is beneficial for the organisation to have a separate policy addressing anti-virus and anti-malware. Nonetheless, for some organisations this might not be practical. Therefore, some organisations prefer to add the anti-virus and anti-malware details to the information security policy.
- Antivirus software: Antivirus software uses a database of known malware signatures to detect and remove malware from a computer or network.
- Firewalls: Firewalls are used to block malicious network traffic and to prevent malware from communicating with command-and-control servers.
- Sandboxing: Sandboxing is a technique that allows the execution of potentially malicious code in a restricted environment, so that it cannot harm the host system.
- Endpoint protection: Endpoint protection platforms combine multiple security features, such as antivirus, firewall, intrusion prevention, and application control, in one software package.
- Email filtering: Email filtering technologies are used to detect and block malicious email attachments and links.
- Web filtering: Web filtering technologies are used to block access to known malicious websites.

It is important that the organisation keeps evidence of the points mentioned above, so that it is able to show that evidence when asked.