Does your organization have systems in place to detect malicious code as part of your continuous monitoring program?
Explanation
Malicious code detection is a critical component of cybersecurity defense that identifies potentially harmful software such as viruses, worms, trojans, ransomware, and other malware before they can compromise systems. Effective detection requires multiple layers including signature-based detection, behavioral analysis, and anomaly detection to identify both known and novel threats.
Evidence could include documentation of deployed anti-malware solutions (such as endpoint protection platforms), intrusion detection/prevention systems configuration details, security information and event management (SIEM) reports showing malware detection events, or malicious code incident response procedures that demonstrate how detected threats are handled.
Context
- Function: DE: DETECT
- Category: DE.CM: Continuous Monitoring
- Sub-Category: Malicious code is detected
Related questions
- Does your organization have a system in place to monitor DNS, BGP, and other critical network services for suspicious or malicious activities?
- Does your organization implement network monitoring controls to detect and alert on unauthorized endpoint connections to both wired and wireless networks?
- Does your organization have a process to regularly monitor facilities for unauthorized or rogue wireless networks?
- Does your organization regularly compare actual network traffic flows against established baselines to detect and investigate deviations?
- Does your organization continuously monitor network communications to detect changes in security postures as part of a zero trust architecture?
- Does your organization monitor physical access control logs for unusual patterns and failed access attempts?