Preventive, detective and corrective measures are in place (especially up-to-date security patches and virus control) across the organisation to protect information systems and technology from malware (e.g., viruses, worms, spyware, spam).
Specification
Malware protection should be present on managed endpoints and should keep its malware definitions up to date (at most one day old). Detection must be both signature- and behaviour-based.
Removable media must be scanned automatically for malware upon insertion and must not be allowed to run content automatically.
The unplanned modification or termination of (parts of) the security protection measures (such as anti-malware measures) on endpoints should result in immediate alerts. Malware definitions that are more than one day old should also result in immediate alerts.
ISO 27001 & 27002:2022
A8.1, A8.7, A8.12, A8.19, A8.26
SURF toetsingskader informatiebeveiliging (NBA-volwassenheidsmodel)
SM.12 Manage malware attacks