procedures, and plans should include how to minimize the likelihood of a malicious code outbreak; how to…(§ 2.8.17, § 3.5.71, Australian Government ICT Security Manual (ACSI 33))