3.6 Concept of computer virus protection

Description

The aim of the concept of computer virus protection is to create suitable safeguards with which the occurrence of computer viruses in the IT systems of an organisation can be prevented or detected as early as possible. In this way, countermeasures can be taken and possible damage can be minimised. In the protection against computer viruses it is essential that the safeguards are consistently adhered to and that technical countermeasures are constantly updated. This requirement is due to the continual occurrence of new computer viruses or variants of viruses. The development of operating systems, programming languages and application software may also provide opportunities for computer viruses to attack. This should therefore be taken into account and suitable countermeasures should be taken.

Since computers in government agencies or companies are increasingly integrated in local networks or connected to public communication networks, passing on data via means other than floppy disks can create additional infection paths for computer viruses. This often makes it necessary to continually check for viruses in the computers used.

In order to protect an entire organisation effectively against computer viruses, this chapter describes the steps that have to be taken to create and implement a concept of computer virus protection.
Recommended safeguards for protection against computer viruses can be found in the corresponding chapters 5 and 6.

Threat Scenario

For IT baseline protection concerning computer viruses, the following typical threats will be considered.

Organisational Shortcomings:

Human Failure:

Deliberate Acts:

Recommended Countermeasures (S)

When a computer virus protection concept is created (see S 2.154 Creation of a computer virus protection concept), it must first be determined which of the available or planned IT systems are to be included in the computer virus protection concept (see S 2.155 Identification of IT systems potentially threatened by computer viruses). For these IT systems, the factors that influence the implementation of security measures must be taken into account. Based on this, the technical and organisational measures can then be selected. In this context, it is particularly important to select suitable technical countermeasures such as virus scanning programs (see S 2.156 Selection of a suitable computer virus protection strategy and S 2.157 Selection of a suitable computer virus scanning program). In addition to setting up a report body (see S 2.158 Reporting computer virus infections) and coordinating the updating of protection products used (see S 2.159 Updating the computer virus scanning programs used), a series of regulations for implementing the concept are to be agreed (see S 2.11 Regulations on computer virus protection) in which additional safeguards required for virus protection are specified.
One of the most important safeguards for protecting computers against damage from viruses is regular data backup (see S 6.32 Regular data backup).

For the implementation of IT baseline protection, we recommend selecting the required packages of safeguards ("modules") as described in chapters 2.3 and 2.4.
Additional recommended literature is volume 2 the German Information Security Agency's series of scripts on IT security "Information on computer viruses" (German only).

Organisation:

Personnel:

Hardware/Software:

Contingency Planning:


© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000

Last Update on 6 April 2000