Transcript
POLICY AND PROCEDURE MANUAL PBRC
POLICY NO. 605.00
Origin Date: 3/17/2009
Impacts:
All Personnel
Last Revised: 03/17/2009
Subject:
Anti-Virus
Effective: 05/14/2013
Source:
Computing Services
Version No. 2
Purpose A virus is a piece of potentially malicious programming code that will initiate some unexpected or undesirable event which may cause damage to or loss of data. Viruses can be transmitted via email or instant messaging attachments, downloadable Internet files, diskettes, and CDs. Viruses are usually disguised as a legitimate program, so their presence is not always detected by the computer user. A virus infection can be very costly to PBRC in terms of lost data, lost staff productivity, and/or loss of reputation. As a result, one of the goals of PBRC is to provide a computing network that is virus-free. The purpose of this policy is to provide instructions and prescriptive guidance on measures that must be taken by users of PBRC computing resources to help achieve effective virus detection and prevention. Applicability This policy is applicable to any user of PBRC computing resources including all employees, whether paid or on gratis appointments, full-time or part-time, students, faculty (including adjunct), administrators, and support personnel of any type, as well as contractors, nonemployee collaborators and employees of PBRC-related foundations. Further, the policy applies to all information resources whether individually controlled, shared, stand alone, or networked. Information resources in this policy are meant to include any information in electronic or audio-visual format or any hardware or software that make possible the storage and use of such information. This policy applies to all computer and computer communication facilities owned, leased, operated, or contracted by PBRC, including, but not limited to, desktop computers, laptop computers, network servers, minicomputers, and associated peripherals and software, whether used in administration, research, teaching, or for other purposes. Approved Software Computing Services has approved anti-virus software. Licensed copies of approved antivirus software are installed on each PBRC-owned or PBRC-operated computer during the deployment of the computer. For personally-owned computers that are being used for 1 Policy No. 605.00, Anti-Virus Policy
PBRC work-related purposes, the Computing Services Help Desk can assist in obtaining the latest version of the approved anti-virus software package. The most current available version of the approved anti-virus software package will be the accepted standard. All computers attached to the PBRC network must have the supported anti-virus software installed. This software must be active (on-access scanning enabled), be scheduled to perform virus checks at regular intervals, and have its virus definition files kept up to date. At a minimum, personally-owned computers must have an up-to-date industry recognized effective anti-virus software package installed and functioning with up-to-date virus definition files. For assistance in determining if a particular anti-virus software package is acceptable, users may contact the Help Desk. Any activities with the intention to create and/or distribute malicious programs onto the PBRC network (e.g. viruses, worms, Trojan horses, email bombs, etc.) are strictly prohibited. If a user receives what is believed to be a virus, or suspects that a computer is infected with a virus, it must be reported to the Help Desk immediately by phone (3-2586) or email (
[email protected]). Report the following information (if known): virus name, extent of infection, source of virus, and potential recipients of infected material. No user should attempt to defeat anti-virus software operation or attempt to manually destroy or remove a virus, or any evidence of that virus, without first contacting the Help Desk. Any virus-infected computer will be removed from the network until it is verified by Computing Services to be virus-free. Rules for Virus Prevention • • • • • • • • 2
Always run an up to date industry standard anti-virus software approved and provided by PBRC. Never open any files or macros attached to an email from an unknown, suspicious, or untrustworthy source. Never open any files or macros attached to an email from a known source (even a coworker) if you were not expecting a specific attachment from that source. Be suspicious of email messages containing links to unknown Web sites. It is possible that the link is a malicious executable (.exe) file disguised as a link. Do not click on a link sent to you if you were not expecting a specific link. Never copy, download, or install files from unknown, suspicious, or untrustworthy sources or removable media. Avoid direct disk sharing with read/write access. Always scan removable media for viruses before using it. If instructed to delete email messages believed to contain a virus, be sure to also delete the message from your Deleted Items or Trash folder. Always store critical data and systems configurations on the network file server. Policy No. 605.00, Anti-Virus Policy
•
Regularly update virus protection on personally-owned home computers that are used for business purposes. This includes installing recommended security patches for the operating system and other applications that are in use.
Computing Services Responsibilities The following activities are the responsibility of Computing Services: •
• • •
•
• •
Keeping the anti-virus products it provides up-to-date in terms of both virus definitions and software version in use. NOTE: This responsibility applies only to workstations and servers deployed on the PBRC campus. Users of personally-owned home or laptop computers are expected to keep both the software and virus definitions up-to-date. Applying updates to the services it provides that are required to defend against threats from viruses. Installing and configuring anti-virus software on all PBRC owned and installed desktop workstations, laptops, and servers. Providing telephone support to PBRC employees in installing anti-virus software according to standards on personally-owned computers that will be used for business purposes. This support will be limited to “over-the-phone” support only. Computing Services may provide anti-virus software in these cases. Taking appropriate action to contain, remove, and assist in recovery from virus infections. In order to do so, Computing Services may be required to disconnect a suspect computer from the network or disconnect an entire segment of the network. Perform regular anti-virus sweeps of network files. To the extent possible, Computing Services will attempt to notify users of PBRC systems of any credible virus threats via email or telephone messages. Messages concerning such threats will always contain a subject line beginning: “[PBRC Computing Services Alert]”
Department and Individual Responsibilities The following activities are the responsibility of PBRC departments and employees: •
•
3
Departments that allow employees to use personally-owned computers for business purposes must notify Computing Services in writing (by email) of such use and require that the employee implement virus protection processes and procedures that are in keeping with this standard. All users of PBRC computing resources are responsible for taking reasonable measures to protect against virus infection by adhering to this standard and adopting “best practices” for email and computer use.
Policy No. 605.00, Anti-Virus Policy
•
Users must not attempt to either alter or disable anti-virus software installed on any computer attached to the PBRC network whether PBRC- or personally-owned unless instructed to do so by Computing Services personnel.
Enforcement Failure to comply with this policy may result in the suspension of computer usage privileges, disciplinary action, possible termination of employment and civil or criminal penalties.
4
Policy No. 605.00, Anti-Virus Policy
