Security category – 12.2. Protection from malware
12.2.1. Controls against malware.
All companies run the risk of being compromised by malicious software, and part of any company’s security plan should involve having some form of antivirus to detect and contain infections. In addition, users should be given awareness training so that they can identify outbreaks and guard against some attack vectors, such as suspicious email attachments. A tiered approach should be taken, with a baseline of protection and training given for all computers and additional protections then provided to assets housing or processing sensitive data.