cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
JulienB
Viewer II

In which policy to place company anti-malware requirements

Hi,

 

I am currently refreshing our policies, however I am not sure what is the best place to place requirements for the antimalware client.

 

Would you place these in an independent policy (e.g. Antimalware policy) or as part of another one?

 

Thanks

1 Reply
Steve-Wilme
Advocate I

Re: In which policy to place company anti-malware requirements

It can be referenced from several place as anti malware controls aren't necessarily just a software product on endpoints.  So at a policy level you'd have a statement that the standard antimalware product had to be part of every build and that it mustn't be disabled or uninstalled.  At a standards level you'd define how the product must be configured in terms of its features and their management. 

 

You may also have other malware controls in place around ingress of data e.g. email and web filtering, deep pack inspection for malware, restrictions on removable media etc.  You may also want to restrict what programs can download and/or execute, so you're only running known good software.  Some of those you'd need to put in your AUP to set expectations on staff behaviour.

 

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS