Scribd Logo
Upload

Welcome to Scribd!

  • Anti Malware Questions V2.2.cleaned

    Uploaded by

    mariduenan
    13 views2 pages

    Original Title

    Anti-Malware-Questions-v2.2.cleaned

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    13 views2 pages

    Anti Malware Questions V2.2.cleaned

    Uploaded by

    mariduenan

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 2

    Auditing Anti-Malware

    AuditScripts 5 Crucial Questions (v2.2)

    These materials are considered sensitive and confidential materials and may not be used
    for any purpose other than the organization’s own internal use. This material may not
    otherwise be shared, used, reproduced, or disseminated outside of the organization in any
    way without prior written permission.

    AUDITING ANTI-MALWARE
    1
    © ENCLAVE SECURITY 2017
    Standards References
    CIS Critical Controls (v6.1):
    Auditing Anti-Malware 2, 7, 8, 12

    AuditScripts 5 Crucial Questions (v2.2) NERC CIP (v5):


    Not Applicable

    Purpose: NIST 800 Series:


    Organizations audit their information security stance to protect the NIST SP 800-83
    confidentiality, integrity, and availability of their information systems.
    Auditing and assessment allow an organization to validate their compliance NIST 800-53 (rev4):
    SI-3, SI-8
    with the standards they have set for themselves and to measure the levels of
    risk they are currently accepting.
    COBIT 5:
    AuditScripts has created the “5 Crucial Questions” series of audit checklists APO13, DSS05
    to provide auditors with a list of the five most important questions to ask
    when auditing a specific scope. Heavily influenced by the 20 Critical Security ISO 27000:2013:
    10.4
    Controls project, these questions should serve as the starting point for any
    assessment.
    NIST Cybersecurity Framework:
    DE.CM-4, DE.CM-5
    5 Crucial Questions to Ask: IIA GTAGs:
    When performing an audit of an organization’s anti-malware systems and
    Not Applicable
    their ability to defend themselves against malicious code, auditors should
    consider at a minimum asking the following questions: PCI DSS (v3.1):
    1. What percentage of the organization’s computer systems have up-to- 5
    date, centrally managed anti-malware software actively running?
    2. What percentage of the organization’s computer systems have HIPAA / HITECH:
    application whitelisting software actively running? HIPAA 164.308(a)(5)
    3. Has the organization deployed an enterprise central management
    console for their anti-malware and whitelisting agents? Other Standards:
    4. Are network filters and monitors in place on the organization’s All current FIPS Publications
    (especially FIPS 140-2)
    network to detect and block malicious code (especially at the
    organization’s internet gateway)?
    5. Are system business owners and executives regularly reviewing
    reports from the central management console(s) in order to respond
    properly to identified malware threats?

    ©AuditScripts.com & Enclave Security, LLC under a Creative Commons Attribution-


    NonCommercial 3.0 Unported (CC BY-NC 3.0) License.
    http://creativecommons.org/licenses/by-nc/3.0/deed.en_US.

    AUDITING ANTI-MALWARE
    2
    © ENCLAVE SECURITY 2017

    You might also like