Find Resources & Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

You must be logged in to join this group.

DS5.9 - Malicious Software Prevention, Detection and Correction

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective DS5.9 - Malicious Software Prevention, Detection and Correction is contained within Process Popup Ensure Systems Security.

Learn more about COBIT and related publications.

Click “Join This Community” to be able to actively participate in discussions and contribute content. You must be an ISACA member to join this topic. Join ISACA now.

 
This Topic Has:
16 Members
0 Online
4149 Visits

 Recent Discussions

Community Leader

Knowledge Center Manager

Knowledge Center Manager

Title: Become a Topic Leader!

Badge: Energizer


Malicious Software Prevention, Detection and Correction

Put preventive, detective and corrective measures in place (especially up-to-date security patches and virus control) across the organisation to protect information systems and technology from malware (e.g., viruses, worms, spyware, spam).

View value and Risk Drivers  help

Hide value and Risk Drivers help


Value Drivers

  • System security ensured by proactive malware protection
  • Ensured system integrity
  • Timely detection of security threats
  Risk Drivers
  • Exposure of information
  • Violations of legal and regulatory requirements
  • Systems and data that are prone to virus attacks
  • Ineffective countermeasures

View Control Practices  help

Hide Control Practices  help

  1. Establish, document, communicate and enforce a malicious software prevention policy in the organisation. Ensure that people in the organisation are aware of the need for protection against malicious software, and their responsibilities relative to same.
  2. Install and activate malicious software protection tools on all processing facilities, with malicious software definition files that are updated as required (automatically or semi-automatically).
  3. Distribute all protection software centrally (version and patch-level) using centralised configuration and change management.
  4. Regularly review and evaluate information on new potential threats.
  5. Filter incoming traffic, such as e-mail and downloads, to protect against unsolicited information (e.g., spyware, phishing e-mails).

Discussions: 0 total

Must be a Topic member to contribute

No Results Found

Documents & Publications: 107 total

Must be a Topic member to contribute
View All »
Books
Posted by ISACA 8 days ago
Books
Posted by ISACA 285 days ago
Books
Posted by ISACA 499 days ago

Events & Online Learning: 23 total

16 Mar 2015
ISACA International Event
Orlando, FL, USA
15 Jun 2015
ISACA International Event
Ciudad de México, Mexico
21 Sep 2015
ISACA International Event
Miami, FL, USA
21 Sep 2015
ISACA International Event
06010 Mexico City, Panama
La Conferencia Latinoamericana CACS/ISRM
9 Nov 2015
ISACA International Event
Copenhagen, Denmark
Stay on top of the trends and opportunities of the dynamic technology industry at EuroCACS/ISRM —the leading European conference for IT audit, assurance, security and risk professionals.

Journal Articles: 203 total

Volume 4, 2107
by Larry G. Wlosinski, CISA, CRISC, CISM, CAP, CBCP, CCSP, CDP, CIPM, CISSP, ITIL v3, PMP
The root causes of privacy incidents include the outsourcing of data, malicious insiders, system glitches, cyberattacks, and the failure to shred or dispose of privacy data properly.
Volume 3, 2107
by Jayakumar Sundaram, CISA, ISO 27001 LA
The SoA is a continuously updated and controlled document that provides an overview of information security implementation.
Volume 6, 2106
by Venkatasubramanian Ramakrishnan, CISM, CRISC, CHFI
Bayesian networks can capture the complex interdependencies among risk factors and can effectively combine data with expert judgment.
Volume 4, 2017
by Steven J. Ross, CISA, CISSP, MBCP
Some time ago in this space, I used an obscure statement by a nearly forgotten British Prime Minister to make some points about cyber security.
Volume 4, 2017
by Theresa Grafenstine, CISA, CRISC, CGEIT, CGAP, CGMA, CIA, CISSP, CPA
Get to know your network.
Volume 4, 2017
by ISACA | Reviewed by Ravi Ayappa, Ph.D., CISA, CRISC, CISM
Transforming Cybersecurity is a useful handbook for any cyber security practitioner, information security manager (ISM) or IT auditor.

Wikis: 2 total

Blog Posts: 49 total

La demanda de servicios bancarios a través de Internet, producto del surgimiento de nuevas necesidades en los consumidores atraídos por el auge tecnológico, mantiene a las entidades financieras inmersas en una encrucijada en la cual deben equilibrar el ni...
Posted By : Gerardo Zuñiga | 1 comments
The PCI Council has announced some new information on the upcoming version of PCI - Version 3.2.  Find out the latest here: http:/www.lbmcinformationsecurity.com/blog
Posted By : Stewart141 | 1 comments
30 Mar 2017
When you think about your company information security, a greatest image come into your mind: * if my storage device crashed;* if my flashcopy in other storage device crashed too;* if my backup tape was in flame;* if my archive data was missed;* if my sec...
Posted By : MGPlay | 0 comments
Senior Manager           ultimate responsibility Information security Officer          functional responsibility Security Analyst           Strategic, develops policies and guidelines Owner         - Responsible for asset         - Determine level of clas...
Posted By : Muhammad554 | 0 comments
For a long time, the main focus of most organization was to have a solid protected network perimeter, by installing the most powerful shiny firewall, IPS/IDS to avoid intruders to trespass inside their networks. The endpoint (host) protection was always c...
Posted By : Willian Guilherme | 1 comments
This is an opinion piece written using Australian English spelling. Please read at your leisure. There is no denying the outright benefits of The Internet of Things (IoT). The IoT is a Life-Productivity-Enabler. Connecting smart objects with other sma...
Posted By : Philippe_Lopez_AU | 0 comments