Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
JulienB
Viewer II
‎10-30-2020 05:12 AM
‎10-30-2020 05:12 AM

In which policy to place company anti-malware requirements

Hi,

 

I am currently refreshing our policies, however I am not sure what is the best place to place requirements for the antimalware client.

 

Would you place these in an independent policy (e.g. Antimalware policy) or as part of another one?

 

Thanks

Labels
Reply
0 Kudos
1 Reply
Steve-Wilme
Advocate II
‎10-30-2020 08:10 AM
‎10-30-2020 08:10 AM

It can be referenced from several place as anti malware controls aren't necessarily just a software product on endpoints.  So at a policy level you'd have a statement that the standard antimalware product had to be part of every build and that it mustn't be disabled or uninstalled.  At a standards level you'd define how the product must be configured in terms of its features and their management. 

 

You may also have other malware controls in place around ingress of data e.g. email and web filtering, deep pack inspection for malware, restrictions on removable media etc.  You may also want to restrict what programs can download and/or execute, so you're only running known good software.  Some of those you'd need to put in your AUP to set expectations on staff behaviour.

 

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Reply