Federal agencies and the private sector should develop...
Federal agencies and the private sector should develop and implement a malware prevention approach “based on current and future attack vectors” and suiting each entity’s organization environment, said the National Institute of Standards and Technology’s Information Technology Laboratory (ITL) in…
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
a set of new recommendations Wednesday. An organization should also ensure that its organizational policies address malware prevention, with its policy statements reflecting threat mitigation, awareness and defensive architecture, ITL said. Organizations should also incorporate malware prevention and incident handling practices into its awareness programs, and document policies and procedures to help mitigate potential vulnerabilities, ITL said. The lab also recommended an organization use its threat mitigation capabilities to contain malware incidents, including deploying antivirus software, firewalls, content filtering and “application whitelisting.” ITL recommended organizations develop a “resilient incident response capability” that includes malware incident handling. The incident response process includes four steps -- preparation, detection and analysis, containment or eradication, and “post-incident activity,” ITL said. Defensive architecture methods can also “lessen the impact of malware incidents,” said the lab (http://1.usa.gov/14EabxV).