Info-Sec Anti-Virus

Contents

Purpose

To provide guideline for the use of Anti-Virus Software at Albany State University (ASU)

Scope

This policy applies to all students, faculty, and staff who have desktop, workstations and laptops/notebooks which are either physically or remotely connected to the Albany State University network. This policy also applies to contractors and temporary staff whose personal laptops will connect to the Albany State University network (if applicable).

Terms

Antivirus software consists of computer programs that attempt to identify, thwart and eliminate computer viruses and other malicious software by examining (scanning) files to look for known viruses matching definitions in a virus dictionary and/or identifying suspicious behavior from any computer program which might indicate infection.

Policy

All student, faculty, and staff desktops, workstations and laptops/notebooks, running Windows or Macintosh operating systems, and which are either physically or remotely connected to the Albany State University network will have a passive anti-virus detection and removal application installed and active on those desktops, workstations and laptops/notebooks.

Introduction

The internal computers systems, networks and data repositories of Albany State University are critical resources of the University and must be protected against unauthorized access, malicious access, and disruption of service. Active measures are necessary to lessen the opportunity for such incidents. Rising frequency of security incidents involving network-attached devices significantly increases the probability of major disruptions to the internal computer systems of the University. Statistics indicate that a very large percentage of potentially damaging incidents can be avoided by the use of existing anti-virus detection and elimination procedures. Establishing policy centrally and issuing standards and utilities from a central authority allows for rapid incident response and continuous update of protection methods. In order to reduce the opportunity for introduction of viruses and Trojan Horses, all student, faculty, and staff desktops, workstations and laptops/notebooks, running Windows or Macintosh operating systems, and which are either physically or remotely connected to the Albany State University network will have a passive anti-virus detection and removal application installed and active on those desktops, workstations and laptops/notebooks. Users are responsible for ensuring that anti-virus files are kept up to date.

Standards

Faculty and Staff Employees: The University provides a site-wide license ) Anti-Virus, which is available to all faculty and staff members. This application, when installed using OIT-provided instructions, allows for the least amount of interruption or activity required from end users. Installation should be configured for automatic scanning and automatic updates. Users who know of or expect interference between the anti-virus software and another application running on their workstations or laptops must contact the University Security Officer to evaluate and agree to a work around.

Individual users (including but not limited to students, guests, contractors, and temporary employees): Individual users must procure their own anti-virus software for use on a personal computer which will be connected to the ASU network. It is the responsibility of the individual user, in conjunction with their respective supervisor, to ensure that all University-owned computers on which they work have up-to-date anti-virus installed and configures.

Compliance

Faculty and Staff Employees:Vice-Presidents, Administrative Unit Directors, and Deans are responsible for monitoring compliance by their respective users with this policy and associated standards by:

  • Directing administrators of Windows© and Macintosh© machines in their respective organizations that are provided by the University and connected to the University network to install approved anti-virus software
  • Directing reviews of and action on, reports on compliance with this policy that are generated by Office of Information Technology

Individual users (including but not limited to students, guests, contractors, and temporary employees): Individual users must procure their own anti-virus software for use on a personal computer which will be connected to the ASU network. It is the responsibility of the individual user, in conjunction with their respective supervisor, to ensure that all University-owned computers on which they work have up-to-date anti-virus installed and configures.

Accountability

Violation of this policy may subject the user to sanctions, including the loss of computer and/or network access privileges, disciplinary action, suspension, termination of employment, dismissal from ASU, and/or legal action.

Contacts

  • Albany State University Chief Information Officer
  • Albany State University Chief Information Security Officer

References

  • ASU ITS Security Website: https://wwww.asurams.edu/information-security
  • USGBOR Handbook: http://www.usg.edu/information_technology_handbook/section5
  • SANS Institute: http://www.sans.org

Version History

College and Departmental IT contacts will provide recommendations to ASU ITS for the development and revision of standards. ITS will forward recommendations for changes and rationales for the changes to the Campus Technology Committee for consideration of future funding. Instruction and assistance on installation and maintenance of anti-virus software will be developed and offered by College and Departmental IT contacts in coordination with ITS.

Date, version number and description of creation or change of the policy
Date Version Description
April 14, 2007 1.0 First release
August 11, 2015 1.2 Removed vendor name for anti virus, was Symantec (Norton)