Podcast
Questions and Answers
Who is responsible for providing timely updates and support for anti-virus software?
Who is responsible for providing timely updates and support for anti-virus software?
What is required for workstations and laptops in terms of anti-virus protection?
What is required for workstations and laptops in terms of anti-virus protection?
What must servers undergo in terms of checks and scans?
What must servers undergo in terms of checks and scans?
Which systems must have anti-virus protection according to the policy?
Which systems must have anti-virus protection according to the policy?
Signup and view all the answers
What is the consequence for an employee violating the policy?
What is the consequence for an employee violating the policy?
Signup and view all the answers
Who is responsible for scanning suspicious emails and media?
Who is responsible for scanning suspicious emails and media?
Signup and view all the answers
What is required for network gateway and mail servers in terms of anti-virus solution?
What is required for network gateway and mail servers in terms of anti-virus solution?
Signup and view all the answers
What is the alternative arrangement required for laptops outside the trusted network?
What is the alternative arrangement required for laptops outside the trusted network?
Signup and view all the answers
What is the policy's reference standard regarding its requirements?
What is the policy's reference standard regarding its requirements?
Signup and view all the answers
Study Notes
Anti-virus and Malicious Code Policy Overview
- The policy aims to protect all networks, information processing facilities, and mobile computing devices from viruses, worms, Trojans, spyware, and malware.
- It is created to meet PCI DSS requirements and applies to all company-controlled devices and equipment connecting to the company network.
- The policy outlines roles and responsibilities for Client, Server, and Anti-Virus Administrators, IT Security Manager, Users, and Third Party Vendors.
- It requires approved anti-virus software installation, constant monitoring, and strict control over external files and software.
- Users are responsible for scanning suspicious emails and media, avoiding unapproved software, and reporting any virus incidents to the IT Helpdesk.
- Third Party Vendors are responsible for providing timely updates and support for anti-virus software.
- The policy mandates proactive and periodic virus scanning, scanning of new code before production, and scanning files from external sources.
- All systems running Microsoft Windows and Linux/Unix operating systems connected to the network must have anti-virus protection.
- Workstations and laptops must have continuous anti-virus protection and regular updates, with alternative arrangements for laptops outside the trusted network.
- Servers must undergo scheduled checks and scans of files, while a different anti-virus solution is required for network gateway and mail servers.
- Any employee violating the policy may face disciplinary action, and deviations are only permitted with a valid business case reviewed and approved by the Security Management Team and/or Legal Counsel.
- The policy references the Payment Card Industry Data Security Standard (PCI DSS) as part of its requirements.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Description
Discover key aspects of the policy designed to safeguard networks, information processing facilities, and devices from various forms of malicious software. Learn about roles and responsibilities, software requirements, scanning protocols, and consequences for policy violations.
