Malware Defense as a Cybersecurity Monitoring Activity:

Malware defense refers to the use of antivirus software, endpoint detection and response (EDR), behavior analysis, and real-time monitoring to detect and block malicious code before it can be installed on an organization's systems.

It helps prevent infections from viruses, ransomware, spyware, trojans, and worms that can disrupt business operations.

IIA GTAG (Global Technology Audit Guide) on Cybersecurity states that monitoring tools should proactively detect and neutralize threats before they can execute malicious actions.

A. Boundary defense (Incorrect)

Boundary defense includes firewalls, intrusion detection/prevention systems (IDS/IPS), and network segmentation, which control external access but do not directly monitor and remove malware.

Malware can still enter through phishing emails, infected USB drives, or compromised internal systems.

C. Penetration tests (Incorrect)

Penetration tests simulate attacks to identify vulnerabilities, but they do not actively monitor and prevent malware from being installed.

They help improve security but are not a continuous monitoring activity.

D. Wireless access controls (Incorrect)

Wireless security helps prevent unauthorized network access, but it does not specifically monitor and block malware installation.

Malware can still spread via legitimate access points, infected devices, or phishing attacks.

Explanation of Answer Choice B (Correct Answer):Explanation of Incorrect Answers:Conclusion:To deter disruptive codes (malware) from being installed, organizations should implement continuous malware defense (Option B), including antivirus software, endpoint security, and behavioral analytics.

IIA References:

IIA GTAG - Cybersecurity

IIA Standard 2120 - Risk Management