To protect against malware, a multi-layered approach is necessary, including implementing controls to prevent the use of unauthorized software and known malicious websites, reducing vulnerabilities, regular scanning of systems and data for malware, implementing appropriate malware detection and repair tools based on risk assessment, isolating critical environments, and training users to recognize and mitigate malware. Additionally, procedures should be in place for authorizing the temporary or permanent disabling of measures against malware when necessary, and business continuity plans should be prepared to recover from malware attacks. Data on new malware should be regularly collected from reputable sources.
Conformance1
Tools for conforming to standards, goals and processes
