|
------- INDEX AND GLOSSARY. DO NOT CHANGE OR DELETE! ----------
Open IT Policy Index
-
Acceptable Use, Administrative or Special Access (Policy)
-
Acceptable Use, Email (Policy)
-
Acceptable Use, Internet (Policy)
-
Acceptable Use, Virtual Private Network (VPN) (Policy)
-
Access Controls, Account (Policy)
-
Account Management (Policy)
-
Change Management (Policy)
-
Computer Virus Prevention (Policy)
-
Contingency Planning (Policy)
-
Data Backup and Storage (Policy)
-
Data Marking, Handling, Processing, Storage, and Disposal (Policy)
-
Deferral of System Security Certification or Accreditation, Annual (Form)
-
General Information Security Management (Procedure)
-
Green Computing (Policy)
-
Incident Response (Policy)
-
Intrusion Detection (Policy)
-
Logging and Audit Trails (Policy)
-
Mobile Computing and Network Access (Policy)
-
Network Access (Policy)
-
Network Access Controls (Standard)
-
Network Configuration (Policy)
-
Network Data Privacy (Policy)
-
Password Management (Policy)
-
Personnel Security (Policy)
-
Physical Security (Policy)
-
Policy Application Checklist (Administrative Utility)
-
Secure Media and Data Handling (Procedure)
-
Secure Software Development Lifecycle (Standard)
-
Social Computing and Networking (Policy)
-
Software and Hardware Security Controls (Policy)
-
Spam and Unsolicited Commercial Email Prohibition (Policy)
-
System Security Certification/Accreditation, Annual (Form)
-
System Security Certification/Accreditation, Annual (Policy)
-
Telecommuting Agreement, Employee (Form)
-------------------------------------------------------------------------------------------------
Overview and Purpose
The number of computer security incidents and the resulting cost of business disruption and service restoration continue to escalate. Implementing solid security policies, blocking unnecessary access to networks and computers, improving user security awareness, and early detection and mitigation of security incidents are some of the actions that can be taken to reduce the
risk and drive down the cost of security incidents.
The purpose of the Computer
Virus Detection Policy is to describe the requirements for dealing with computer
virus,
worm and
Trojan Horse prevention, detection and cleanup.
Coverage
The [variable: Covered Organization] Computer
Virus Detection Policy applies equally to all individuals that use any [variable: Covered Organization]
Information Resources.
Definitions
General Terms
Roles and Functions
Virus Detection Policy
-
All workstations whether connected to the [variable: Covered Organization] network, or standalone, must use the [variable: Covered Organization] IS approved
virus protection software and configuration.
-
The
virus protection software must not be disabled or bypassed.
-
The settings for the
virus protection software must not be altered in a manner that will reduce the effectiveness of the software.
-
The automatic update frequency of the
virus protection software must not be altered to reduce the frequency of updates.
-
Each file
server attached to the [variable: Covered Organization] network must utilize [variable: Covered Organization] IS approved
virus protection software and setup to detect and clean viruses that may infect file shares.
-
Each
Email gateway must utilize [variable: Covered Organization] IS approved
email
virus protection software and must adhere to the IS rules for the setup and use of this software.
-
Every
virus that is not automatically cleaned by the
virus protection software constitutes a security
incident and must be reported to the Help Desk.
Enforcement
Violation of this policy may result in disciplinary action which may include termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; or suspension or expulsion in the case of a student. Additionally, individuals are subject to loss of [variable: Covered Organization]
Information Resources access privileges, civil, and criminal prosecution.
Supporting Documentation
This policy is supported by the following rules, standards, and procedures:
-
[variable: internal documents (with links, if available)]
-
[variable: external documents (with links, if available)]
Policy Support Contact
-
[variable: title (not personal name) of role responsible for overseeing this procedure]
-
[variable: Contact information of office responsible for overseeing this procedure]
References
Policy Source Document(s)
State of Texas, Department of Information Resources
|
Open IT Policy Project 
