Welcome » IT Booklets » Information Security » II Information Security Program Management » II.C Risk Mitigation » II.C.12 Malware Mitigation
Attackers use malware to obtain access to an institution's
environment and to execute an attack within the environment.
Malware may enter through public or private networks and from
devices attached to the network. Although protective mechanisms may
block most malware before it does damage, even a single malicious
executableIn computing, an executable is a
file or a program that is able to be run by a computer. may
create a significant potential for loss.
Management should implement defense-in-depth to protect, detect,
and respond to malware. The institution can use many tools to block
malware before it enters the environment and to detect it and
respond if it is not blocked. Methods or systems that management
should consider include the following: