Anti-virus and Malicious Code Policy Overview

Questions and Answers

According to the policy, all systems running Microsoft Windows and Linux/Unix operating systems connected to the network must have anti-virus protection.

True

The policy mandates proactive and periodic virus scanning, scanning of new code before production, and scanning files from external sources.

True

Workstations and laptops must have continuous anti-virus protection and regular updates, with alternative arrangements for laptops outside the trusted network.

True

Servers must undergo scheduled checks and scans of files, while a different anti-virus solution is required for network gateway and mail servers.

True

The policy requires approved anti-virus software installation, constant monitoring, and strict control over external files and software.

True

According to the policy, any employee violating the policy may face disciplinary action, and deviations are only permitted with a valid business case reviewed and approved by the Security Management Team and/or Legal Counsel.

True

The policy references the Payment Card Industry Data Security Standard (PCI DSS) as part of its requirements.

True

Third Party Vendors are responsible for providing timely updates and support for anti-virus software.

True

The policy applies only to company-controlled devices and equipment connecting to the company network.

False

Study Notes

Anti-virus and Malicious Code Policy Overview

• The policy aims to protect all networks, information processing facilities, and mobile computing devices from viruses, worms, Trojans, spyware, and malware.
• It is created to meet PCI DSS requirements and applies to all company-controlled devices and equipment connecting to the company network.
• The policy outlines roles and responsibilities for Client, Server, and Anti-Virus Administrators, IT Security Manager, Users, and Third Party Vendors.
• It requires approved anti-virus software installation, constant monitoring, and strict control over external files and software.
• Users are responsible for scanning suspicious emails and media, avoiding unapproved software, and reporting any virus incidents to the IT Helpdesk.
• Third Party Vendors are responsible for providing timely updates and support for anti-virus software.
• The policy mandates proactive and periodic virus scanning, scanning of new code before production, and scanning files from external sources.
• All systems running Microsoft Windows and Linux/Unix operating systems connected to the network must have anti-virus protection.
• Workstations and laptops must have continuous anti-virus protection and regular updates, with alternative arrangements for laptops outside the trusted network.
• Servers must undergo scheduled checks and scans of files, while a different anti-virus solution is required for network gateway and mail servers.
• Any employee violating the policy may face disciplinary action, and deviations are only permitted with a valid business case reviewed and approved by the Security Management Team and/or Legal Counsel.
• The policy references the Payment Card Industry Data Security Standard (PCI DSS) as part of its requirements.

Description

Learn about the policy that aims to protect networks, information processing facilities, and mobile devices from viruses, worms, Trojans, spyware, and malware. Understand the roles and responsibilities outlined for various administrators, managers, users, and vendors. Explore the requirements for anti-virus software installation, monitoring, scanning protocols, and consequences for policy violations.