Questions and Answers
Who is responsible for providing timely updates and support for anti-virus software?
Third Party Vendors
What is required for workstations and laptops in terms of anti-virus protection?
Continuous protection and regular updates
What must servers undergo in terms of checks and scans?
Scheduled checks and scans of files
Which systems must have anti-virus protection according to the policy?
Signup and view all the answers
What is the consequence for an employee violating the policy?
Signup and view all the answers
Who is responsible for scanning suspicious emails and media?
Signup and view all the answers
What is required for network gateway and mail servers in terms of anti-virus solution?
Signup and view all the answers
What is the alternative arrangement required for laptops outside the trusted network?
Signup and view all the answers
What is the policy's reference standard regarding its requirements?
Signup and view all the answers
Study Notes
Anti-virus and Malicious Code Policy Overview
- The policy aims to protect all networks, information processing facilities, and mobile computing devices from viruses, worms, Trojans, spyware, and malware.
- It is created to meet PCI DSS requirements and applies to all company-controlled devices and equipment connecting to the company network.
- The policy outlines roles and responsibilities for Client, Server, and Anti-Virus Administrators, IT Security Manager, Users, and Third Party Vendors.
- It requires approved anti-virus software installation, constant monitoring, and strict control over external files and software.
- Users are responsible for scanning suspicious emails and media, avoiding unapproved software, and reporting any virus incidents to the IT Helpdesk.
- Third Party Vendors are responsible for providing timely updates and support for anti-virus software.
- The policy mandates proactive and periodic virus scanning, scanning of new code before production, and scanning files from external sources.
- All systems running Microsoft Windows and Linux/Unix operating systems connected to the network must have anti-virus protection.
- Workstations and laptops must have continuous anti-virus protection and regular updates, with alternative arrangements for laptops outside the trusted network.
- Servers must undergo scheduled checks and scans of files, while a different anti-virus solution is required for network gateway and mail servers.
- Any employee violating the policy may face disciplinary action, and deviations are only permitted with a valid business case reviewed and approved by the Security Management Team and/or Legal Counsel.
- The policy references the Payment Card Industry Data Security Standard (PCI DSS) as part of its requirements.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
