Sample Anti-Virus Standard: Difference between revisions

From HORSE - Holistic Operational Readiness Security Evaluation.

Revision as of 19:50, 15 January 2014

Sample Anti-Virus Standard

The Anti-Virus Standard builds on the objectives established in the Sample Asset Protection Standard, and provides specific instructions and requirements for protecting information assets from viruses and malicious code.

Objectives

  1. General
    1. The Company has approved and licensed anti-virus or virus detection software packages. The software packages are listed in the system of record.
    2. Company-approved anti-virus software must be installed on all Company servers and client workstations.
    3. Company-approved anti-virus software must be enabled at all times.
    4. Virus detection shall not be disabled on any computer resources equipped with anti-virus protection.
    5. Only Company-authorized personnel can configure or approve modifications to the Company-approved anti-virus software configuration.
    6. Automatic notification features, if available, will be used to ensure appropriate Company personnel are aware of the general availability of anti-virus software executable or version upgrades.
    7. All licensed product executable or version upgrades to the anti-virus software shall be distributed and implemented within thirty (30) days from the contract implementation period accepted by the Company and the vendor. Distribution of virus detection software upgrades shall be expedited, as necessary, to effectively respond to security advisories or findings from assessment and monitoring activities.
    8. Automatic signature update features, if available, should be configured to perform automatic signature updates at least weekly.
    9. All new virus signatures shall be distributed and activated within ten (10) days from their release from the vendor. Distribution of virus signature updates shall be expedited, as necessary, to effectively respond to security advisories or findings from assessment and monitoring activities.
    10. New emergency virus signatures shall be distributed and activated within two (2) days from their release from the vendor.
    11. Viruses and malicious code shall not be intentionally installed or introduced in the Company computing environment.
    12. Log-in and start-up scripts should be modified to run Company-approved anti-virus software that checks system memory and boot sectors for viruses and malicious code upon login and start-up.
    13. Company-approved anti-virus software shall automatically scan files as they are accessed, executed and/or written to and from disk.
    14. Company-approved anti-virus software shall automatically scan exchangeable media such as floppy disks, in real-time, when they are accessed.
    15. All inbound and outbound files from non-Company networks (for example, public or shared networks) shall be scanned for viruses and malicious code using Company-approved anti-virus software.
    16. All detected virus infections shall be automatically "cleaned". If this feature is not available then all virus-infected files, programs, and systems shall be isolated and quarantined until they can be restored.
    17. All virus detections and infections should be reported immediately to Infrastructure Services and Information Security at 1-888-896-7580. The report should provide relevant information including name, employee number, phone number, description of the problem (e.g., detected virus, infected file, etc.), name of virus (if known), and the infected area.
    18. All virus scan logs must be maintained online for thirty (30) days and retained in accordance with the Auditing Activation Standard and applicable laws and regulations.
  2. Clients
    1. A full drive scan shall be performed at least weekly.
    2. All electronic mail messages and attachments shall be scanned, including compressed files. If a virus has been detected in a compressed file, it may only be reported, and decompression may be required before automated actions such as cleaning can take place.
  3. Servers
    1. All local drives and volumes shall be scanned daily during periods of low utilization. Virus detection scans shall not conflict or interfere with other regularly scheduled system and operational activities (for example, backups, production batch jobs, etc.).
    2. Start-up scripts should be modified to run Company-approved anti-virus software that performs full scans of local disks and volumes upon start-up.
    3. Virus scan logs shall be reviewed daily for virus detection records and automated responses.
  4. Firewalls and Perimeter Network
    1. Company-approved anti-virus software features and options, if available, should be implemented to stop viruses and other malicious code at the Company firewall(s) and perimeter network.
    2. All electronic mail messages and attachments shall be scanned, including compressed files, before they are allowed through the Company firewalls and perimeter network.


Document Examples

Use these samples as a guide for your policy development. Fully customizable versions are available from The Policy Machine.