Malicious code protection is which type control?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
Malware, short for malicious software, is software designed to disrupt computer operation, gather sensitive information, or gain unauthorized access to computer systems.
As malicious code protection lists steps to protect against malware, it preserves the information integrity of the enterprise.
Hence Malicious code protection is System and information integrity control.
This family of controls provides information to maintain the integrity of systems and data.
Incorrect Answers: A: Malicious code protection is not a Configuration management control.
Configuration management control is the family of controls that addresses both configuration management and change management.
Change control practices prevent unauthorized changes.
C: Malicious code protection is not a Media protection control.
Media Protection includes removable digital media such as tapes, external hard drives, and USB flash drives.
It also includes non-digital media such as paper and film.
This family of controls covers the access, marking, storage, transport, and sanitization of media.
D: Malicious code protection is not a Personal security control.
The Personal security control is a family of controls including aspects of personnel security.
It includes personnel screening, termination, and transfer.
The correct answer is B. System and information integrity control.
Malicious code protection is a control that aims to protect against the introduction of malicious code, such as viruses, Trojans, and worms, into a system or network. This type of control falls under the System and Information Integrity (SI) domain of the NIST Cybersecurity Framework (CSF) and is intended to ensure the confidentiality, integrity, and availability of information systems and data.
SI controls focus on protecting against unauthorized access, data corruption, and other threats to information systems and data. Malicious code protection is a critical element of SI controls because it can prevent malware from infecting systems and spreading to other systems or networks.
Configuration management controls (A) are designed to ensure that information systems are configured and maintained in a secure and reliable manner. Media protection controls (C) are designed to prevent unauthorized access to and tampering with physical media, such as tapes, disks, and other storage devices. Personal security controls (D) are designed to protect individuals from physical harm, harassment, or other threats.
In summary, malicious code protection is an SI control that helps to prevent malware from infecting systems and networks, thereby protecting the confidentiality, integrity, and availability of information systems and data.