Consider anti-malware from the perspective of the IA operations cycle: anticipate, defend, monitor, and respond.
9.6.1.1 Anticipate

- Viruses, worms, spyware, spam, and other malware are present within the Internet and many intranets.
- They will propagate through e-mail, file transfers, file sharing, instant messaging, and other online media and message/file sharing capabilities.
- They have the potential to devastate operations and cost the organization many tens or hundreds of thousands of dollars in lost data, productivity, and revenue.
- Architect, design, and implement an infrastructure to detect and discard malware.
9.6.1.2 Defend

- Maintain (patch and update) an infrastructure to detect and discard malware.
- Data in transit: from the Internet to the organization; from the organization to customers, vendors, partners, etc.
- Data at rest: e-mail server, individual PCs, other servers.
- Data in use: anomalous memory accesses or network traffic during application use.
9.6.1.3 Monitor

- Monitor for malware presence, detection, and discard status.
- Monitor for updates to the anti-malware software.
- Monitor for updates to the malware signature files.
- Establish a process that automates each of the above to avoid delays caused by manual intervention.
9.6.1.4 Respond

Establish a response infrastructure that includes:

- Incident reporting (virus detected)
- Triage (relative threat to other current incidents)
- Escalation (who can best resolve the incident)
- Identification (where is the virus)
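An added example, not from the book, that automates the three Monitor checks (presence/discard status, engine updates, signature updates) over an endpoint inventory and orders the findings by relative threat as input to the Respond step's triage. The host names, version strings, timestamps and thresholds are constructed assumptions, not values from the text.

```python
from datetime import datetime, timedelta, timezone

# Assumed current vendor release and local tolerances; in practice these come
# from the vendor's update feed and organizational policy, not hard-coded values.
LATEST_ENGINE = "5.2.1"
MAX_SIG_AGE = timedelta(days=1)
MAX_SCAN_AGE = timedelta(days=7)

# Constructed sample inventory (hypothetical hosts) as an endpoint-management
# export might provide it: engine version, signature timestamp, last scan,
# and the count of samples detected versus actually discarded.
ENDPOINTS = [
    {"host": "mail-01", "engine": "5.2.1", "sig_time": "2024-03-10T06:00:00Z",
     "last_scan": "2024-03-10T08:00:00Z", "detected": 0, "discarded": 0},
    {"host": "pc-117", "engine": "5.1.0", "sig_time": "2024-03-02T06:00:00Z",
     "last_scan": "2024-03-09T20:00:00Z", "detected": 2, "discarded": 2},
    {"host": "file-03", "engine": "5.2.1", "sig_time": "2024-03-10T06:00:00Z",
     "last_scan": "2024-02-20T02:00:00Z", "detected": 1, "discarded": 0},
]

# Severity used to order hosts for triage (higher is more urgent).
SEVERITY = {"discard-failed": 4, "signatures-stale": 3,
            "engine-outdated": 2, "scan-overdue": 1}

def parse_ts(value: str) -> datetime:
    """Parse a UTC timestamp of the form YYYY-MM-DDTHH:MM:SSZ."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_endpoint(ep: dict, now: datetime) -> list:
    """Apply the monitor checks to one endpoint and return its findings."""
    findings = []
    if ep["engine"] != LATEST_ENGINE:                   # anti-malware software updates
        findings.append("engine-outdated")
    if now - parse_ts(ep["sig_time"]) > MAX_SIG_AGE:    # signature file updates
        findings.append("signatures-stale")
    if now - parse_ts(ep["last_scan"]) > MAX_SCAN_AGE:  # presence/detection status
        findings.append("scan-overdue")
    if ep["detected"] > ep["discarded"]:                # discard status
        findings.append("discard-failed")
    return findings

def monitor(endpoints: list, now: datetime) -> list:
    """Return (host, findings) for each endpoint with findings, most urgent first.
    The order is the triage input for the respond step: a detected-but-not-
    discarded sample outranks stale signatures, which outrank an overdue scan."""
    report = [(ep["host"], check_endpoint(ep, now)) for ep in endpoints]
    report = [(host, f) for host, f in report if f]
    report.sort(key=lambda item: max(SEVERITY[f] for f in item[1]), reverse=True)
    return report
```

Running `monitor(ENDPOINTS, parse_ts("2024-03-10T12:00:00Z"))` lists file-03 (a detection that was not discarded) ahead of pc-117 (outdated engine and stale signatures) and omits mail-01, which is current.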