Living off the Land

Living off the land (LotL) is an attack technique where the attacker exclusively uses pre-installed, legitimate operating system tools — such as PowerShell, WMI, certutil, or PsExec. Because no additional malware is introduced, LotL attacks bypass many traditional antivirus solutions. Detection is difficult because the tools are also used in normal operations. For your ISMS this means that signature-based detection alone is insufficient. You need behavior-based monitoring, logging of all script executions (e.g., PowerShell transcription logging), and strict restrictions on which administration tools are available on endpoints.
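
The behavior-based monitoring described above, shown as an added example that is not part of the original glossary entry: since the tools themselves are legitimate, each process-creation event is judged by where, by whom and from which parent process the tool was started. The host names, accounts, expected-parent list and sample events are constructed assumptions standing in for your own policy and telemetry.

```python
from dataclasses import dataclass

# Tools named in the glossary entry, by their usual image names.
LOTL_TOOLS = {"powershell.exe", "wmic.exe", "certutil.exe", "psexec.exe"}

# Assumed policy (hypothetical values): where and by whom admin tools may run.
ADMIN_HOSTS = {"ADM-WS01", "ADM-WS02"}
ADMIN_ACCOUNTS = {"svc-deploy", "adm-jdoe"}
# Assumed parents from which admins normally start these tools interactively.
EXPECTED_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe"}

@dataclass(frozen=True)
class ProcessEvent:
    host: str
    user: str
    parent: str
    image: str

def assess(event):
    """Return the list of policy deviations for one process-creation event."""
    if event.image.lower() not in LOTL_TOOLS:
        return []  # not an admin tool covered by the policy
    reasons = []
    if event.host.upper() not in ADMIN_HOSTS:
        reasons.append("tool run outside admin workstations")
    if event.user.lower() not in ADMIN_ACCOUNTS:
        reasons.append("tool run by non-admin account")
    if event.parent.lower() not in EXPECTED_PARENTS:
        reasons.append(f"unexpected parent {event.parent.lower()}")
    return reasons

def triage(events):
    """Keep only events with at least one deviation, most deviations first."""
    flagged = [(e, assess(e)) for e in events]
    flagged = [(e, r) for e, r in flagged if r]
    return sorted(flagged, key=lambda pair: len(pair[1]), reverse=True)

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    ProcessEvent("ADM-WS01", "adm-jdoe", "explorer.exe", "powershell.exe"),
    ProcessEvent("HR-PC17", "asmith", "winword.exe", "powershell.exe"),
    ProcessEvent("ADM-WS02", "svc-deploy", "cmd.exe", "PsExec.exe"),
    ProcessEvent("FIN-PC03", "adm-jdoe", "cmd.exe", "certutil.exe"),
    ProcessEvent("HR-PC17", "asmith", "explorer.exe", "notepad.exe"),
]

if __name__ == "__main__":
    for event, reasons in triage(SAMPLE_EVENTS):
        print(f"{event.host} {event.user} {event.image}: {'; '.join(reasons)}")
```

The same PowerShell binary is accepted on an admin workstation and flagged on the HR endpoint, which is the distinction a signature on the file cannot make.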