Hacker News
by lima 3434 days ago
No, there's nothing in ISO 27001 that says "you must have antivirus".

You do a risk assessment, and if you can reasonably argue that you can mitigate the risk without antivirus, you're fine.

It's different with PCI-DSS and other standards: those actually have stricter requirements (you don't get to do a risk assessment yourself).

Ping me if you have more questions! Glad to elaborate.