ISO 27001:2022 Annex A Control 8.7
Abstract of Annex A Control 8.7: Protection against malware
Control 8.7 of ISO 27001 provides guidelines to protect your organization’s information and systems from malware threats. It calls for preventive, detective, and corrective measures, combined with user awareness, to maintain the confidentiality, integrity, and availability of your data.
Control Type
- Preventive
- Detective
- Corrective
Information Security Properties
- Confidentiality
- Integrity
- Availability
Cybersecurity Concepts
- Protect
- Detect
Operational Capabilities
- System and Network Security
- Legal and Compliance
Security Domains
- Protection
- Defence
Objective of Control 8.7
The objective of Control 8.7 is to ensure that your organization has comprehensive mechanisms to detect, prevent, and respond to malware threats. These mechanisms help secure your systems, networks, and data while minimizing disruptions caused by malware incidents.
Purpose of Control 8.7
The purpose of this control is to protect your organization’s information systems against malware. Through implementing robust malware defenses, you reduce the likelihood of unauthorized access, data breaches, or operational disruptions caused by malicious software.
Key Elements of Malware Protection
Preventive Measures
Preventive measures form the first line of defense against malware. They focus on stopping malware from infiltrating your systems:
- Blocking Unauthorized Software: Use application allowlisting to ensure only trusted and approved applications are installed and executed. This minimizes the risk of malware introduced through unverified software.
- Restricting Malicious Websites: Implement blocklists to prevent employees from accessing known harmful or suspicious websites. This is particularly critical for protecting against phishing and drive-by download attacks.
- Reducing System Vulnerabilities: Conduct regular patching and secure configuration management to eliminate vulnerabilities that malware might exploit. This includes updating operating systems, applications, and firmware across your network.
Detective Measures
Detection focuses on identifying malware that may have bypassed preventive measures:
- System Scans: Deploy malware detection software to scan all systems, networks, and storage devices for malicious code. Regular scans ensure early identification of potential infections.
- Validation of Software and Files: Use automated tools to validate the integrity of software and files, especially on critical systems, so that any unauthorized change is detected.
- Monitoring Communication Channels: Implement scans for emails, web traffic, and file transfers to detect and block malicious attachments, downloads, and URLs.
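As an added illustration of the integrity-validation measure above (example code, not part of the ISO text or of any vendor tool), the following Python script records a SHA-256 baseline for a software directory and later reports files that were added, removed or modified; the directory and file names are constructed for the example.

```python
# Added example: SHA-256 baseline and drift check for a protected software tree.
import hashlib
import json
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map every regular file under root (as a relative path) to its digest."""
    return {str(p.relative_to(root)): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Compare the current tree to the baseline; all-empty lists mean no drift."""
    current = build_baseline(root)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in set(current) & set(baseline)
                           if current[p] != baseline[p]),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: baseline a tree, tamper with it, then re-verify."""
    work = Path(tempfile.mkdtemp())
    app = work / "app"                        # hypothetical protected install dir
    app.mkdir()
    (app / "service.bin").write_bytes(b"trusted build")
    (app / "service.conf").write_text("debug=0\n")
    baseline = build_baseline(app)
    # Store the baseline outside the monitored tree, where it cannot be altered.
    (work / "baseline.json").write_text(json.dumps(baseline, sort_keys=True))
    assert verify(app, baseline) == {"added": [], "removed": [], "modified": []}
    (app / "service.bin").write_bytes(b"trojanised build")   # modified
    (app / "service.conf").unlink()                          # removed
    (app / "helper.dll").write_bytes(b"\x00")                # added
    return verify(app, json.loads((work / "baseline.json").read_text()))
```

In production the baseline would be signed or kept on a separate, write-protected store and the check scheduled, with any non-empty result raised as an alert.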
Corrective Measures
Corrective actions are necessary when malware is detected, enabling your organization to recover and minimize impact:
- Quarantining Infected Systems: Isolate compromised systems to prevent the spread of malware across the network.
- Restoring Data from Backups: Use secure and verified backups to restore systems to their original state.
- Reimaging Systems: For advanced malware such as rootkits, rebuild affected systems from a trusted, known-good image so that they are entirely free from infection.
Implementation Guidance
Technical Controls
A layered approach to malware protection is essential for comprehensive defense:
- Defense in Depth: Position malware detection tools at multiple layers, including network gateways, user endpoints, servers, and cloud environments. This reduces the likelihood of a single point of failure.
- Regular Updates: Keep malware detection tools updated with the latest threat intelligence and definitions to protect against emerging threats.
- Risk-Based Placement: Use risk assessments to determine the placement and configuration of malware defenses, focusing on protecting high-risk or high-value systems.
Secure File Handling
Files entering your organization from external sources, whether via email, USB drives, or web downloads, should be treated with caution. Ensure they are scanned for malware before use. Implement strict protocols for handling data during maintenance and emergency procedures to prevent inadvertent introduction of malware.
Awareness and Training
A well-informed workforce is crucial for effective malware defense. Training should include:
- How to recognize phishing emails and suspicious attachments.
- Best practices for safe web browsing.
- The importance of reporting suspicious activity immediately.
Awareness programs should be updated regularly to reflect the latest malware trends and techniques.
Monitoring and Updates
To stay ahead of malware threats, your organization must implement ongoing monitoring and review processes:
- Subscribe to trusted sources for malware intelligence to stay informed about new threats.
- Regularly verify the accuracy and reliability of malware-related information and software updates.
Incident Response and Business Continuity
Even with strong defenses, malware incidents can occur. An effective incident response plan is vital:
- Clear Procedures: Define step-by-step actions to take when malware is detected, including containment, eradication, and recovery.
- Role Assignments: Assign specific responsibilities for managing malware incidents, from detection to resolution.
- Business Continuity Plans: Include malware-specific scenarios in your continuity planning, ensuring that backups and recovery processes are tested and ready to deploy.
Relevant ISO 27001 Controls
Control 8.7 works in conjunction with other ISO 27001 controls to enhance your overall security posture:
- Control 6.3: Awareness and Training – Reinforces the human element of cybersecurity.
- Control 8.8: Technical Vulnerability Management – Focuses on addressing vulnerabilities that malware could exploit.
- Control 8.13: Backup – Ensures data recovery capabilities are robust and effective.
- Control 8.19: Installation of software on operational systems – Ensures systems are configured to minimize risks.
- Control 8.32: Logging and Monitoring – Provides the ability to detect and analyze malware activity.
Supporting Templates for Control 8.7
Your organization can streamline the implementation of Control 8.7 using these templates:
- Malware Response Procedure Template: A structured guide for handling malware incidents.
- User Awareness Training Guide: Training materials tailored to improve employee understanding of malware risks.
- Backup and Recovery Policy Template: Guidance for creating secure, reliable backups and recovery procedures.
- Technical Vulnerability Management Plan Template: A roadmap for identifying and mitigating system vulnerabilities.