Malware Defenses

Issue/Question

What is the USD IT security policy on Malware Defenses?

Environment

  • CIS Control 10

Cause

Protect against cybersecurity threats, establish cybersecurity norms, enhance cybersecurity maturity

Resolution

Malware Defenses

Policy Statement: The University acknowledges the critical importance of implementing robust malware defenses to protect its information systems and data against malicious software threats. This policy establishes guidelines for the deployment and management of malware defenses to detect, prevent, and mitigate malware infections within the University's IT environment.

Policy Implementation:

  1. Endpoint Protection:

    • The University will deploy endpoint protection solutions, such as antivirus software, anti-malware scanners, and host-based intrusion prevention systems (HIPS), on all endpoints, including desktops, laptops, and servers.
    • Endpoint Detection and Response (EDR) software must be installed on all systems, including Windows, Linux, and macOS.
    • Endpoint protection solutions will be regularly updated with the latest malware signatures and threat intelligence feeds to ensure effective detection and mitigation of malware threats.
    • Automatic scanning of removable devices will be enforced.
  2. Email Security:

    • Email security measures, including spam filtering, antivirus scanning, and attachment sandboxing, will be implemented to detect and block malware-laden emails before they reach users' inboxes.
    • Advanced threat protection mechanisms, such as URL rewriting and domain-based authentication, will be employed to mitigate phishing attacks and prevent the delivery of malicious email content.
  3. Web Filtering and Content Security:

    • Web filtering solutions will be deployed to block access to known malicious websites and prevent users from downloading malware-infected files or accessing malicious content.
    • Content security policies will be enforced to restrict the execution of potentially dangerous scripts and prevent drive-by downloads through web browsers.
    • Endpoint-based, DNS-based, and cloud-based security controls will be enabled to block malicious entities, including applications deemed high risk.
  4. Network-Based Defenses:

    • Network-based malware defenses, including intrusion detection and prevention systems (IDS/IPS), next-generation firewalls (NGFW), and network-based antivirus scanners, will be deployed to monitor and filter network traffic for signs of malware activity.
    • Network security controls will be configured to block known malware signatures, suspicious network behavior, and command-and-control communications associated with malware infections.
  5. User and Entity Behavior Analytics (UEBA) Defenses:

    • Behavior-based monitoring and defense will be activated at the endpoint and identity levels using EDR, SIEM, and XDR tooling.
  6. User Education and Awareness:

    • The University will provide regular cybersecurity awareness training to educate users about common malware threats, including phishing, ransomware, and social engineering attacks.
    • Training materials and resources will be made available to users to promote safe computing practices, such as avoiding suspicious links, not downloading unknown attachments, and reporting suspected malware incidents promptly.

Compliance and Enforcement: Non-compliance with this policy may result in disciplinary action, including but not limited to loss of access privileges, fines, or termination of employment. All members of the University community are responsible for adhering to this policy and actively participating in malware defense measures.

Policy Review: This policy will be reviewed annually to ensure alignment with emerging threats, changes in technology, and regulatory requirements. Updates will be made as necessary to maintain the effectiveness and relevance of malware defense measures.


This policy provides a comprehensive framework for implementing CIS Control 10 within the University environment, focusing on deploying and managing malware defenses to protect against malicious software threats and safeguard University information systems and data.

Please contact the Service Desk if you need further assistance.

Details

Article ID: 8942
Created
Tue 3/5/24 8:48 AM
Modified
Mon 7/1/24 1:12 PM
KCS Article Status
Validated
