Sunday, October 8, 2017

Should Antivirus software be part of your threat model?

Should Antivirus (AV) software be part of your threat model? Strictly speaking, yes, it probably should be. AV is potentially dangerous to an organization and should be tested thoroughly before being deployed. As argued in the recent WSJ article about Kaspersky (note that the article is behind a paywall), AV software could threaten the confidentiality of a protected system.

But as any infosec professional can tell you, information security is about more than just confidentiality. The security triad is referred to by the acronym CIA, which most reading this post will know stands for Confidentiality, Integrity, and Availability.  In every security program, one of these items takes precedence over the other two.

In the case of the NSA contractor who placed classified material on their home computer, confidentiality was clearly the most important of the three. However, there are few organizations for whom a breach of confidentiality is really the most damaging impact. In the vast majority of organizations, devastating compromises to integrity and availability would have a far greater impact on organizational health.

Read the full post (including scenarios for compromising integrity and availability) on the Rendition Infosec blog.