Which organizational stakeholders are responsible for installing anti-malware software?
- System and network administrators
- CSIRT team
The proper way to address malware, according to the NIST SP800-61 r2, is to install anti-malware software. The stakeholder group responsible for that is the system and network administrators. It is part of their duties to keep it up to date.
It is not the responsibility of the Computer Security Incident Response Team (CSIRT). Their job is to identify and handle security incidents. It is not the responsibility of the Chief Information Security Officer. This role’s job is to manage security from a much higher level and to support all security efforts.
It is not the responsibility of the Chief Executive Officer. His job is to manage the entire organization, although this role’s support of all security efforts is critical.