Requirement 5: Protect All Systems and Networks from Malicious Software
Malicious software (malware) is software or firmware designed to infiltrate or damage a computer system without the owner's knowledge or
consent, with the intent of compromising the confidentiality, integrity, or availability of the owner’s data, applications, or operating system.
Examples include viruses, worms, Trojans, spyware, ransomware, keyloggers, rootkits, malicious code, scripts, and links.
Malware can enter the network during many business-approved activities, including employee e-mail (for example, via phishing) and use of the
Internet, mobile computers, and storage devices, resulting in the exploitation of system vulnerabilities.
Using anti-malware solutions that address all types of malware helps to protect systems from current and evolving malware threats.