Malware Protection in ISO 27799

$349.00
Who trusts this:
Trusted by professionals in 160+ countries
Toolkit Included:
Includes a practical, ready-to-use toolkit containing implementation templates, worksheets, checklists, and decision-support materials used to accelerate real-world application and reduce setup time.
How you learn:
Self-paced • Lifetime updates
When you get access:
Course access is prepared after purchase and delivered via email
Your guarantee:
30-day money-back guarantee — no questions asked
This curriculum spans the equivalent depth and specificity of a multi-workshop technical advisory engagement, addressing real-world implementation challenges in healthcare environments such as legacy medical device constraints, clinical workflow integration, and regulatory alignment with ISO 27799 across complex, hybrid IT systems.

Module 1: Aligning Malware Protection with ISO 27799 Control Objectives

  • Select whether to extend ISO 27799 malware controls to cover third-party hosted EHR systems based on data residency and processing agreements.
  • Determine the scope of malware protection controls for legacy medical devices that cannot support endpoint agents due to OS constraints.
  • Map ISO 27799 A.12.2.1 to existing technical controls in electronic health record (EHR) environments, ensuring audit logging captures malware detection events.
  • Decide whether to enforce malware scanning on personal devices used in bring-your-own-device (BYOD) telehealth programs, balancing privacy and compliance.
  • Integrate malware incident response procedures with ISO 27799 A.16.1.5, ensuring alignment with health information breach reporting timelines.
  • Assess whether cloud email gateways satisfy ISO 27799 A.13.2.3 for malware filtering in hybrid Microsoft 365 and on-prem Exchange environments.
  • Document exceptions to malware control implementation for clinical systems with uptime requirements exceeding patching maintenance windows.
  • Validate that mobile device management (MDM) policies for tablets used in patient intake enforce malware protection consistent with A.6.2.2.

Module 2: Risk Assessment and Threat Modeling for Healthcare Assets

  • Conduct threat modeling for Picture Archiving and Communication Systems (PACS) to evaluate malware risks from DICOM file transfers.
  • Classify medical IoT devices (e.g., infusion pumps, monitors) based on vulnerability exposure and determine appropriate malware mitigation tiers.
  • Use STRIDE to evaluate spoofing and tampering risks in HL7 message interfaces that could deliver malware payloads.
  • Identify high-value targets such as research databases containing genomic data for prioritized malware defense allocation.
  • Assess the risk of supply chain malware introduced via third-party software updates for radiology information systems (RIS).
  • Quantify the impact of ransomware on emergency department operations using business impact analysis (BIA) data.
  • Update asset inventories to include virtualized desktop infrastructure (VDI) instances used for remote clinical access.
  • Integrate threat intelligence feeds focused on healthcare-targeted malware (e.g., MedJack, RYUK) into risk scoring models.

Module 3: Endpoint Protection Platform (EPP) and EDR Deployment

  • Select EPP vendors based on compatibility with Windows 10 IoT Enterprise used in clinical workstations and anesthesia machines.
  • Configure EDR sensors to exclude real-time scanning on anesthesia delivery system folders to prevent performance interference.
  • Define containment actions for EDR alerts on domain controllers hosting Active Directory Certificate Services for digital health certificates.
  • Implement application allowlisting on pharmacy dispensing terminals to prevent unauthorized software execution.
  • Coordinate EPP deployment schedules with clinical IT to avoid conflicts during patient admission surges.
  • Configure cloud workload protection for virtualized EHR application servers in AWS and Azure environments.
  • Adjust heuristic analysis sensitivity on pathology lab image analysis workstations to reduce false positives from large file processing.
  • Enforce firmware integrity checks on endpoint BIOS/UEFI for imaging equipment using Intel vPro or AMD PSP.

Module 4: Email and Web Gateway Security Controls

  • Configure secure email gateways to block .js, .vbs, and .zip attachments in inbound messages to clinical staff mailboxes.
  • Implement URL rewriting in web proxies to inspect HTTPS traffic for malware in cloud-based telehealth platforms.
  • Enforce sandboxing of all Office 365 email attachments containing macros before delivery to physician inboxes.
  • Whitelist medical journal websites in web filters while maintaining malware scanning for embedded scripts.
  • Deploy DMARC, DKIM, and SPF to prevent phishing emails impersonating hospital executive leadership.
  • Monitor proxy logs for anomalous POST requests from clinical workstations indicating potential malware beaconing.
  • Isolate web gateway update mechanisms from general internet access to prevent compromise of security infrastructure.
  • Configure content disarm and reconstruction (CDR) for all files downloaded from patient portal interfaces.

Module 5: Patch Management and Vulnerability Remediation

  • Schedule out-of-band patching for critical vulnerabilities (e.g., PrintNightmare) affecting clinical printing servers.
  • Coordinate with biomedical engineering teams to apply OS patches on connected devices during scheduled maintenance windows.
  • Use virtual patching via WAFs to protect unpatched legacy laboratory information systems (LIS) from exploit-based malware.
  • Implement automated rollback procedures for failed patches on EHR application servers.
  • Validate patch integrity using digital signatures before deployment to radiology reporting workstations.
  • Track unpatchable systems in a risk register with compensating controls such as network segmentation.
  • Integrate vulnerability scanner results with SIEM to correlate unpatched systems with malware detection events.
  • Enforce patch compliance for third-party vendor-managed systems through service level agreements (SLAs).

Module 6: Network Segmentation and Access Control

  • Design VLANs to isolate infusion pump networks from general hospital Wi-Fi while allowing telemetry to central monitoring.
  • Implement micro-segmentation for EHR database servers to restrict lateral movement after endpoint compromise.
  • Configure firewall rules to block outbound SMB traffic from non-server endpoints to prevent WannaCry propagation.
  • Enforce 802.1X authentication on clinical workstations to prevent unauthorized device connection to internal networks.
  • Deploy air-gapped backup networks for critical imaging archives to prevent ransomware encryption.
  • Use role-based firewall policies to restrict access to pharmacy inventory systems based on job function.
  • Monitor east-west traffic for DNS tunneling indicative of malware exfiltration from patient registration terminals.
  • Implement dynamic segmentation using SDN for temporary telehealth kiosks in outpatient clinics.

Module 7: Incident Response and Malware Containment

  • Define escalation thresholds for malware incidents based on number of infected endpoints in intensive care units.
  • Activate incident playbooks for ransomware in dialysis centers, prioritizing restoration of treatment scheduling systems.
  • Preserve memory dumps from infected anesthesia workstations for forensic analysis while maintaining patient safety.
  • Coordinate with public health authorities when malware impacts immunization record reporting systems.
  • Isolate compromised Active Directory servers using physical network disconnects to prevent credential theft.
  • Deploy temporary VLANs for clean workstations during large-scale malware outbreaks in emergency departments.
  • Document chain of custody for forensic images taken from pathology lab computers for potential legal proceedings.
  • Conduct post-incident tabletop exercises with clinical leadership to refine response procedures.

Module 8: Backup and Recovery Assurance

  • Validate backup integrity for EHR databases using automated restore testing in isolated sandbox environments.
  • Store offline backups of radiation oncology treatment plans in fireproof safes to prevent ransomware access.
  • Implement immutable storage for backup snapshots in cloud environments using AWS S3 Object Lock.
  • Test recovery of DICOM image archives from tape backups to ensure compatibility with current PACS software.
  • Enforce multi-person authorization for backup deletion operations to prevent insider threats.
  • Monitor backup job logs for signs of tampering, such as unexpected job cancellations during malware attacks.
  • Replicate backup catalogs to geographically separate sites to maintain recovery metadata during disasters.
  • Verify encryption of backup media transported between hospital campuses using FIPS 140-2 validated modules.

Module 9: Third-Party and Supply Chain Risk Management

  • Audit software bills of materials (SBOMs) for medical device firmware to identify vulnerable open-source components.
  • Require antivirus compatibility testing from vendors before deploying new cardiology information systems.
  • Enforce contractual clauses requiring prompt disclosure of malware incidents affecting hosted health data platforms.
  • Assess malware protection capabilities of cloud service providers through SOC 2 Type II reports.
  • Monitor vendor remote access sessions to clinical systems for unauthorized file transfers or execution.
  • Validate that software updates from laboratory equipment manufacturers are digitally signed and verified.
  • Restrict USB port access on third-party service laptops used for biomedical device maintenance.
  • Conduct on-site assessments of data center providers to verify physical and logical malware controls.

Module 10: Governance, Audit, and Continuous Monitoring

  • Generate quarterly reports on malware detection rates by department for review by the healthcare security steering committee.
  • Map EDR alert coverage to ISO 27799 A.12.4.1 and identify gaps in endpoint telemetry collection.
  • Conduct internal audits of antivirus exclusion lists to prevent abuse for malware evasion.
  • Integrate malware KPIs into executive dashboards, including mean time to detect and contain threats.
  • Review firewall rule changes monthly to eliminate overly permissive rules enabling malware communication.
  • Validate that SIEM correlation rules detect anomalous PowerShell usage indicative of malware execution.
  • Perform annual penetration tests focused on malware delivery vectors such as phishing and USB drops.
  • Update governance policies to reflect changes in telehealth infrastructure and associated malware risks.