ISM-1969 (ASD Information Security Manual policy control)

Preventing Accidental Execution of Malicious Code

Ensure malicious code cannot accidentally run by treating it before storage or communication.


Plain language

This control is about making sure that bad software, which can harm your computers and steal your information, doesn't run by accident. It's important because if this harmful code does run, it can disrupt your business, damage your reputation, and cost a lot of money to fix.

Framework

ASD Information Security Manual (ISM)

Control effect

Preventative

Classifications

NC, OS, P, S, TS

ISM last updated

Nov 2024

Control Stack last updated

19 Mar 2026

E8 maturity levels

N/A

Official control statement

Malicious code, when stored or communicated, is treated beforehand to prevent accidental execution.

Why it matters

Failure to pre-treat malicious code can lead to accidental execution, resulting in data breaches, operational disruption, and financial loss.


Operational notes

Sanitise or quarantine captured malware samples (e.g., password-protect archives) before storing or sharing to prevent execution.
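The operational note gives the treatment step only in outline. As an added example (not code from the ISM or from Control Stack), the Python script below quarantines a captured sample by XOR-transforming its bytes and giving it a neutral suffix, two treatments assumed here alongside the password-protected archive the note mentions, and records the original SHA-256 in a sidecar manifest so an analyst can later restore the sample and verify it was not altered in storage. The key value, suffix and manifest layout are assumptions, not anything the ISM prescribes.

```python
# Added example (not ISM or Control Stack code). Assumed treatments: XOR each
# byte with a fixed key so the stored bytes are not a runnable program, and a
# neutral ".malware.bin" suffix so no file-type handler is associated with it.
import hashlib
import json
import tempfile
from pathlib import Path

XOR_KEY = 0x5A                    # constructed value; any agreed non-zero byte
TREATED_SUFFIX = ".malware.bin"   # assumed naming convention

def treat_bytes(data: bytes, key: int = XOR_KEY) -> bytes:
    """XOR every byte with key. Self-inverse: applying it twice restores data."""
    return bytes(b ^ key for b in data)

def quarantine_sample(src: Path, dest_dir: Path) -> Path:
    """Store a treated copy named by SHA-256, plus a JSON manifest beside it."""
    raw = src.read_bytes()
    sha256 = hashlib.sha256(raw).hexdigest()
    dest_dir.mkdir(parents=True, exist_ok=True)
    out = dest_dir / (sha256 + TREATED_SUFFIX)
    out.write_bytes(treat_bytes(raw))
    manifest = {"original_name": src.name, "sha256": sha256,
                "size": len(raw), "treatment": f"xor-0x{XOR_KEY:02x}"}
    out.with_suffix(".json").write_text(json.dumps(manifest, indent=2))
    return out

def restore_sample(treated: Path) -> bytes:
    """Reverse the treatment and verify the hash recorded at quarantine time."""
    manifest = json.loads(treated.with_suffix(".json").read_text())
    raw = treat_bytes(treated.read_bytes())
    if hashlib.sha256(raw).hexdigest() != manifest["sha256"]:
        raise ValueError("hash mismatch: treated file altered or wrong key")
    return raw

def demo_roundtrip() -> dict:
    """Constructed sample: an MZ header, padding and text, not a real binary."""
    sample = b"MZ" + b"\x90" * 8 + b"constructed sample, not real malware"
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "suspicious.exe"
        src.write_bytes(sample)
        treated = quarantine_sample(src, Path(tmp) / "quarantine")
        stored = treated.read_bytes()
        restored = restore_sample(treated)
    return {"neutral_suffix": treated.name.endswith(TREATED_SUFFIX),
            "stored_starts_with_mz": stored.startswith(b"MZ"),
            "restored_matches_original": restored == sample}
```

Calling `demo_roundtrip()` writes a constructed sample to a temporary directory, quarantines it, and confirms the stored copy no longer carries the executable header while the restored bytes match the original.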


Implementation tips

  • The IT team should regularly scan all incoming files and emails for malware. Use trusted software solutions to carry out these scans automatically before any files are stored or sent to others. This helps catch harmful software before it has a chance to spread.
  • System owners should create and apply rules for how files are handled. Clearly outline steps everyone must follow when opening, storing, or sharing files to ensure these don't accidentally run harmful code. Include training sessions to explain these rules to all employees.
  • Managers should ensure the software that is used by staff is set to prevent automatic running of downloaded files. Confirm settings on all company computers are adjusted to block automatic execution unless manually overridden. This reduces the risk of harmful code running without your knowledge.
  • Procurement teams should source software from reputable vendors who ensure their products are secure by default. Verify that any new software includes features to detect and block harmful code execution before installation.
  • HR should coordinate training for staff on recognising suspicious files or links. Use real-world examples to educate employees about risks and encourage them to double-check unexpected attachments or links before opening them.

Audit / evidence tips

  • Ask: The latest malware scan reports. Request documentation showing regular scan results from IT. Good: Will show consistent, timely scans with appropriate follow-up actions on any threats found.
  • Ask: The file handling policy document. Request to see written guidelines on file storage and sharing practices. Good: Is a well-structured document with clear, comprehensive guidelines.
  • Ask: System configuration settings. Request details on settings related to file execution restrictions. Good: Shows a consistent approach across all devices managed by the organisation.
  • Ask: Records of software vendor assessments. Request documentation showing how vendors are chosen based on security features. Good: Shows vendor evaluations focused on security assurances.
  • Ask: Staff training logs relating to cybersecurity. Request training records that demonstrate staff attendance and understanding. Good: Includes regular sessions specifically addressing safe file handling and recognising threats.

Cross-framework mappings

How ISM-1969 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

ISO 27001

Related (1):
  • Annex A 8.7: Annex A 8.7 requires implementing and supporting measures to prevent and detect malware, including user awareness

E8

Partially overlaps (1):
  • E8-AH-ML2.3: ISM-1969 requires treating malicious code prior to storage or communication to prevent accidental execution

Supports (2):
  • E8-RM-ML1.3: ISM-1969 requires malicious code to be treated before storage or communication to prevent accidental execution
  • E8-RM-ML3.2: ISM-1969 requires that malicious code is treated before it is stored or communicated so it cannot be accidentally executed

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
