Saber Corporation Antivirus Policy

Document Name Saber Corporation Antivirus Policy

Version No 1.0

Revision Date 02/10/08

Data Classification Saber Corporation Internal Use only

Data Owner Michael Dlesk

Reviewer

Approver

Saber Corp. – Internal Use Only

Saber Corporation Antivirus Policy
February 10th, 2008 Version 1.0


TABLE OF CONTENTS

Purpose of Policy
Antivirus Policy
Established Antiviral Procedures
Justification and Validation
Sanctions


Purpose of Policy:
The purpose of this policy is to define responsibility for virus control and to ensure that Saber Corporation systems and data are protected from malicious software. The policy is also intended to ensure that the Saber Corporation reputation is not damaged by the effects or transmission of malicious software to the systems.

Antivirus Policy:
All computers (clients and servers) connected to the Saber Corporation computer network (herein referred to as "the network") or networked resources shall have the Saber Corporation standard antivirus software installed. The current antivirus standard is Symantec Antivirus software for desktops and servers at the OS level (herein referred to as Symantec) and Sybari Antigen for the e-mail gateway (herein referred to as Antigen). All workstations and servers will have this software installed, configured, activated, and updated with the latest version of virus definitions before or immediately upon connecting to the network.

The Symantec LiveUpdate feature is used to automatically update the definition files on the parent servers. LiveUpdate definitions are updated weekly, except for major outbreaks, when definitions are updated more often. Since Symantec LiveUpdate definition files are released on a weekly basis, the intelligent update definitions are downloaded manually by the antivirus server administrator and installed on the corporate antivirus servers to ensure the desktops and servers have the latest definition files at all times.

All computers in the Saber Corporation network are built using a standard Norton Ghost image, which includes the Symantec Antivirus client software. The latest antivirus definitions are downloaded and installed automatically from the corporate antivirus servers located in our datacenters.

Antigen is the software currently used on all the e-mail servers for virus protection. Antigen prevents the spread of viruses by scanning all messages in real time, with minimal impact on server performance or delivery times of messages. The servers are configured to download the definition files from the internet on a daily basis. Sybari Spam Manager V2.0 is also installed on all the Exchange servers; it provides Keyword Message Body Filtering, Mail host filtering with Real-Time Blackhole List (RBL) integration, and enhanced File and Content Filtering.
Saber Corporation IT Security strongly advises the following:
• Make sure the computer is connected to the Parent Server (col-nav-new) and that its virus definitions are at the latest date.
• File System Real Time protection should be enabled.
   o It should include all file types.
   o When a virus is detected, the default should be to remove the virus from the file; otherwise the file is quarantined.
   o All removable media should be scanned on access.

All the above security measures are automated by enabling the required settings on the corporate antivirus servers, and users will not be able to change the settings on their desktops.

When an enterprise-wide virus attack is in progress, the Saber Corporation IT Security team shall notify the user community via the best available methods, and all files on all hard drives should be scanned immediately using the newest virus definitions available.

Other operating systems or computing platforms shall have comparable protection, if available. In the event that no antivirus protection is available for a particular operating system or platform, anyone using or accessing these unprotected systems shall apply all prudent security practices to prevent infection. When antivirus software becomes available for an operating system or platform previously lacking antivirus software, it shall be installed on all applicable devices connected to the network.

Any exceptions to this policy must be explicitly approved by Saber Corporation IT Security and the Chief Information Officer.

Established Antiviral Procedures:
Computers purchased for large-scale rollouts are delivered only after imaging them with standard images that incorporate Symantec Antivirus (SAV) clients. Whenever Saber Corporation IT personnel set up a new computer, they ensure that SAV is installed before connecting the computer to the network. Virus definitions are updated prior to releasing the computers to the users. All other future virus definition updates are automatic.

Distributed software includes documentation for proper installation, configuration, and use of the software (including instructions for automating file scanning and virus definition updates). Saber Corporation maintains a well-publicized, user-oriented website containing this documentation on its intranet site, and the user community is updated via the same means during any virus alerts. Symantec provides new incremental updates of program code and virus definitions via the LiveUpdate utility built into SAV. In short, everyone connected to the Saber Corporation network has easy access to SAV updates.

IT Support Services provides end-user support and forwards virus-related service requests (coded with high priority by default) to the appropriate group for rapid response. The IT Operations team provides second-level support to the user community. The Server Administrators provide antivirus support for servers. IT Security provides enterprise-level antivirus support and coordinates all rapid responses to enterprise-level virus attacks. All virus-related incidents will be reported to the Saber Helpdesk.

Standards, if any, stipulated or dictated by specific client/project requirements or contractual obligations are handled on an as-needed basis. Such deviations are documented and implemented upon mutual agreement between the security teams of Saber Corporation and the respective clients.

Justification and Validation:
Availability, performance, and security of the network represent essential core assets to the daily operation of the Saber Corporation. Viruses and other forms of malicious code (worms, Trojans, backdoors, VBS scripts, mass-mailers, etc.) represent a significant threat to these assets. In order to combat this threat, a comprehensive Saber Corporation enterprise Security Policy includes antivirus provisions to detect, remove, and protect against viral infections.

Saber Corporation antiviral procedures include identification of current and potential viral threats, computers and systems at risk of infection, files at risk of infection, infected computers, and infected files. Infection patterns are tracked and analyzed to identify chronic internal and external threats. Antivirus activities are centrally managed. New viruses represent a continual threat, requiring continual research to plan proactive measures against them.

Users are educated about viral threats and the computing practices required to protect against infection as part of the IT security briefings. Whenever a new viral threat appears, the user community is warned about the new threat. Up-to-date antivirus software is distributed and its availability advertised to the Saber Corporation community.

Infected computers are cleared of viral infections immediately. Files that can be cleaned should have the viral code removed, thus returning them to their pre-infected state. Files that cannot be cleaned are quarantined until such time as they can be replaced with uninfected copies. If all efforts at removing a viral infection fail, the computer's hard drive is formatted and all software reinstalled using clean licensed copies. If an infected computer is deemed capable of infecting or affecting

Sanctions:
If deemed necessary to prevent viral propagation to other networked devices or detrimental effects to the network, computers infected with viruses or other forms of malicious code (herein collectively referred to as "virus" or "viruses") shall be disconnected from the network until the infection has been removed. The infected computer is disconnected from the network until it is serviced by a Saber Corporation IT representative or designee who will verify that the computer is virus-free.
