Questions and Answers
Who is responsible for providing timely updates and support for anti-virus software?
Third Party Vendors
Which devices must have continuous anti-virus protection and regular updates?
Workstations and laptops
What is required for network gateway and mail servers in terms of anti-virus protection?
A different anti-virus solution
Who may face disciplinary action for violating the policy?
Signup and view all the answers
What must be done with new code before production?
Signup and view all the answers
Which operating systems must have anti-virus protection when connected to the network?
Signup and view all the answers
Who is responsible for scanning suspicious emails and media?
Signup and view all the answers
What must be avoided by users?
Signup and view all the answers
What is required for laptops outside the trusted network?
Signup and view all the answers
Study Notes
Anti-virus and Malicious Code Policy Overview
- The policy aims to protect all networks, information processing facilities, and mobile computing devices from viruses, worms, Trojans, spyware, and malware.
- It is created to meet PCI DSS requirements and applies to all company-controlled devices and equipment connecting to the company network.
- The policy outlines roles and responsibilities for Client, Server, and Anti-Virus Administrators, IT Security Manager, Users, and Third Party Vendors.
- It requires approved anti-virus software installation, constant monitoring, and strict control over external files and software.
- Users are responsible for scanning suspicious emails and media, avoiding unapproved software, and reporting any virus incidents to the IT Helpdesk.
- Third Party Vendors are responsible for providing timely updates and support for anti-virus software.
- The policy mandates proactive and periodic virus scanning, scanning of new code before production, and scanning files from external sources.
- All systems running Microsoft Windows and Linux/Unix operating systems connected to the network must have anti-virus protection.
- Workstations and laptops must have continuous anti-virus protection and regular updates, with alternative arrangements for laptops outside the trusted network.
- Servers must undergo scheduled checks and scans of files, while a different anti-virus solution is required for network gateway and mail servers.
- Any employee violating the policy may face disciplinary action, and deviations are only permitted with a valid business case reviewed and approved by the Security Management Team and/or Legal Counsel.
- The policy references the Payment Card Industry Data Security Standard (PCI DSS) as part of its requirements.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
