In many small organizations staff have, by default, full control over installing new applications on their workstations. This presents a large amount of risk: the software may be malicious, or it may cause performance and compatibility problems. We should always make sure some kind of software deployment framework is in place. We should:
- Ensure we have trained staff in place to deal with new software deployments, including installation.
- Make sure we test any new software we want to bring into our organization.
- Create a secure repository of approved software that users can install from, and record the expected cryptographic hash (for example SHA-256) of each approved installer so it can be verified before installation.
- Maintain a record of all software installed on assets with a risk assessment of each.
- Ensure the new software is covered in backup and update processes.
- As always, ensure the use of privileged accounts is restricted; in this case, standard users should not hold local administrator rights, so they cannot arbitrarily install their own software.
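As an added example of the approved-repository and expected-hash control above (this is illustrative code, not part of the original policy text or any particular product): an administrator records the SHA-256 of each tested installer in a manifest, and the deployment step refuses to run anything whose name is not in the manifest or whose hash does not match. The package names and installer contents below are constructed for the example.

```python
"""
Approved-software allowlist check (added example, not from the original page).
An administrator builds a manifest of SHA-256 hashes for installers that have
been tested and approved; the deployment script verifies each installer
against that manifest before it is allowed to run.
"""
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Return the hex SHA-256 digest of an installer's bytes."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(approved: dict[str, bytes]) -> dict[str, dict[str, str]]:
    """Administrator step: record the expected hash of every approved installer.

    `approved` maps "name-version" -> the installer bytes that were tested.
    """
    return {name: {"sha256": sha256_hex(blob)} for name, blob in approved.items()}


def check_installer(name: str, data: bytes, manifest: dict) -> tuple[bool, str]:
    """Deployment step: allow the installer only if it is listed and unmodified.

    Returns (allowed, reason). Unknown packages and hash mismatches are both
    rejected; a mismatch means the file is not the one that was approved.
    """
    entry = manifest.get(name)
    if entry is None:
        return False, f"{name}: not in approved-software manifest"
    actual = sha256_hex(data)
    # compare_digest avoids leaking how many leading characters matched
    if not hmac.compare_digest(actual, entry["sha256"]):
        return False, (f"{name}: hash mismatch (expected "
                       f"{entry['sha256'][:12]}..., got {actual[:12]}...)")
    return True, f"{name}: hash verified"


# Constructed sample installers standing in for real vetted packages.
APPROVED_INSTALLERS = {
    "editor-2.1.0": b"PK\x03\x04 constructed installer payload for editor 2.1.0",
    "vpn-client-5.4.2": b"MZ\x90\x00 constructed installer payload for vpn client 5.4.2",
}
MANIFEST = build_manifest(APPROVED_INSTALLERS)


def demo() -> list[tuple[bool, str]]:
    """Run three cases: an approved file, a tampered copy, and an unlisted package."""
    results = []
    # 1. the exact approved file -> allowed
    results.append(check_installer("editor-2.1.0",
                                   APPROVED_INSTALLERS["editor-2.1.0"], MANIFEST))
    # 2. same name but the bytes were altered after approval -> blocked
    tampered = APPROVED_INSTALLERS["vpn-client-5.4.2"] + b"\x00extra"
    results.append(check_installer("vpn-client-5.4.2", tampered, MANIFEST))
    # 3. a package nobody approved -> blocked
    results.append(check_installer("random-tool-1.0", b"whatever", MANIFEST))
    return results


if __name__ == "__main__":
    for allowed, reason in demo():
        print("ALLOW" if allowed else "BLOCK", reason)
```

In practice the manifest itself must be protected (stored where standard users cannot write to it, and ideally signed), otherwise an attacker who can swap the installer can also update the recorded hash.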
12.5.1. Installation of software on operational systems.
Installing, or allowing the installation of, unknown or untested software can introduce system instability, malware and other risks. Any new software installation should follow a standard procedure for approval and installation. Installations should be carried out by the organization's IT team; untrained staff should never be able to perform this function, and the team performing installations should first test the new software for compatibility issues, vulnerabilities and similar problems.