Protecting Against Malware
Chapter 1, “Understanding Core Security Principles” introduced the concept of defense-in-depth. At the top of the list of defense-in-depth concepts are policies and procedures, as shown in Chapter 1 (Figure 1-3). These policies and procedures can include requirements to protect against both malware and social-engineering attacks.
The “Thwarting Social-Engineering Attacks” section (later in this chapter) covers social engineering.
The primary protection against most malware is the use of antivirus (AV) software. AV software is discussed in depth in the following section. However, there are additional security steps that can be taken to protect systems from malware. Many organizations establish policies and procedures ...