Is there an anti-malware policy or program that has been approved by management, communicated to appropriate constituents and an owner to maintain and review the policy?

Malware policy

Malware represents a major threat to an IT environment. Malware refers to viruses, trojan horses, ransomware, adware, spyware, and many other types of malicious software. A malware policy defines how the organization addresses malware: in particular, how it prevents infections and how it responds to them.

Why are they asking this?

Malware is a grave threat to IT systems and can lead to loss or disclosure of data, or to loss of productivity due to downtime. A malware policy helps to avoid both the initial infection and the subsequent internal spread of malware.

What do they expect?

It is expected that your organization has a malware policy that covers prevention, detection, response, and removal. This should include awareness training, anti-malware protection of machines and entry points (such as e-mail servers), and how malware will be detected on systems or in external communications. The policy should also define a procedure for responding to malware, including isolation and remediation.