3.6 Concept of computer virus protection
The aim of the concept of computer virus protection is to create suitable safeguards with which the occurrence of computer viruses in the IT systems of an organisation can be prevented or detected as early as possible. In this way, countermeasures can be taken and possible damage can be minimised. In the protection against computer viruses it is essential that the safeguards are consistently adhered to and that technical countermeasures are constantly updated. This requirement is due to the continual occurrence of new computer viruses or variants of viruses. The development of operating systems, programming languages and application software may also provide opportunities for computer viruses to attack. This should therefore be taken into account and suitable countermeasures should be taken.
Since computers in government agencies or companies are increasingly integrated in local networks or connected to public communication networks, passing on data via means other than floppy disks can create additional infection paths for computer viruses. This often makes it necessary to continually check for viruses in the computers used.
In order to protect an entire organisation effectively against computer viruses,
this chapter describes the steps that have to be taken to create and implement a concept
of computer virus protection.
Recommended safeguards for protection against computer viruses can be found in the corresponding chapters 5 and 6.
For IT baseline protection concerning computer viruses, the following typical threats will be considered.
Recommended Countermeasures (S)
When a computer virus protection concept is created (see S 2.154 Creation of a computer virus
protection concept), it must first be determined which of the available or planned IT systems are to be
included in the computer virus protection concept (see S 2.155 Identification of IT systems potentially
threatened by computer viruses). For these IT systems, the factors that influence the implementation of
security measures must be taken into account. Based on this, the technical and organisational measures
can then be selected. In this context, it is particularly important to select suitable technical
countermeasures such as virus scanning programs (see S 2.156 Selection of a suitable computer virus
protection strategy and S 2.157 Selection of a suitable computer virus scanning program). In addition
to setting up a report body (see S 2.158 Reporting computer virus infections) and coordinating the
updating of protection products used (see S 2.159 Updating the computer virus scanning programs
used), a series of regulations for implementing the concept are to be agreed (see S 2.11 Regulations on
computer virus protection) in which additional safeguards required for virus protection are specified.
One of the most important safeguards for protecting computers against damage from viruses is regular data backup (see S 6.32 Regular data backup).
For the implementation of IT baseline protection, we recommend selecting the required packages of
safeguards ("modules") as described in chapters 2.3 and 2.4.
Additional recommended literature is volume 2 the German Information Security Agency's series of scripts on IT security "Information on computer viruses" (German only).
© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000
Last Update on 6 April 2000