How Important Is Anti-virus in Your Security Plan
I.T. Security Plan is…
It is developed and documented for I.T. system and its related components (applications, hardware, networks and telecommunication, data, devices and etc.), as per the Company’s Information Security Policies. It includes at minimum a description of the various security processes for the system, procedural and technical requirements and organizational structure to support the security processes. Security requirements and controls should reflect the business value of the information assets involved and the consequence from failure of security. To sum up, the plan addresses all security threats and suggest solutions to tackle those threats. Regardless the size of company, this Plan is a necessity.
The Plan shall be quite comprehensive. It covers (but not limited to) the following areas:
* Infrastructure, Telecommunications and Environment Security Components
* Remote Access Requirements
* Physical Security
* Administration, Roles & Responsibilities for Security Functions
* Access Control
* Security Logging, Recording and Monitoring
* Security Training
* Security Testing
* Backup and Disaster Recovery Requirements
* Legal / Regulatory Requirements for Security / Privacy
* Confidentiality Requirements / Data Classification
Anti-virus in the Plan…
As the caption, let’s come to the tiny but vital component of the Plan, Anti-virus. But, where is it in the Plan? It is a sub-sub-area of the very first main area above. The Anti-virus package is sitting at the core part of Environment Security area. In Environment Security, there are more several components like SSH, HTTPS, firewall, router configuration file, system logging, and etc.
Anti-virus now and past…
The definition and function of Anti-virus will not be discussed here because it is already known widely. What we like to emphasize here: don’t under-estimate or overlook this tiny component in your plan and for your organization.
Anti-virus had emerged for decades along with DOS (Disk Operating System, not Denial of Service) or Windows 2.1. It almost become mandatory for every computer, server, smart phone, smart mobile device and intelligent network device. Those devices are the targets of hackers who are using VIRUS as a tool to attack and gaining what they want. In the past, destruction was the main purpose and the result by virus attack. However, around 25 years ago, virus has been using for spying, data-stealing and extortion (e.g. WannaCry ransomware attack) have been becoming a trend and being popular.
Subsequently, anti-virus is required to upgrade as a more comprehensive defensive package but rather just checking and quarantine the found virus. Image that there is a computer got infected, the worst scenario is: the virus will drag down all operations or even the company itself.
As a security frontier, Anti-virus software plays a very critical and important role in company’s security arena. That’s why to plan and implement for the Anti-virus strategy in the very first section of I.T. Security Plan.
Your sharing is welcome, please come to us for further discussion.