Questions and Answers
Is the policy designed to protect networks and devices from malicious software, including viruses, worms, Trojans, spyware, and malware?
True
Does the policy require all systems connected to the network running any version of Microsoft Windows to have an anti-virus solution installed?
True
Are specific guidelines provided for anti-virus scanning and configuration, including proactive and periodic scanning for viruses?
True
Is it required for users to be vigilant against unsolicited or suspicious emails, scan media from unknown sources for viruses, and report any suspected or detected viruses immediately?
Signup and view all the answers
Are different anti-virus solutions recommended for gateway virus scanning and email content scanning?
Signup and view all the answers
Is disciplinary action a possibility for policy violations, with deviations permitted only with a valid business case reviewed and approved by the Security Management Team and/or Legal Counsel?
Signup and view all the answers
Does the policy require third-party vendors to provide timely updates and support for the anti-virus solution on a 24x7 basis?
Signup and view all the answers
Is the policy's aim to meet PCI DSS requirements?
Signup and view all the answers
Is it mandatory for systems running any version of Microsoft Windows to have an anti-virus solution installed?
Signup and view all the answers
Study Notes
Anti-virus and Malicious Code Policy Overview
- The policy aims to protect networks and devices from malicious software, including viruses, worms, Trojans, spyware, and malware.
- It is designed to minimize the impact on business in case of a malicious software breach and to meet PCI DSS requirements.
- The policy applies to all information processing facilities and mobile computing devices under the company's control, including workstations, servers, and other technology.
- Roles and responsibilities are defined for client, server, and anti-virus administrators, IT security manager, users, and third-party vendors.
- The policy mandates the use of approved anti-virus software, regular scanning for viruses, and strict controls on obtaining files and software from external networks.
- Users are required to be vigilant against unsolicited or suspicious emails, scan media from unknown sources for viruses, and report any suspected or detected viruses immediately.
- The policy requires third-party vendors to provide timely updates and support for the anti-virus solution on a 24x7 basis.
- Specific guidelines are provided for anti-virus scanning and configuration, including proactive and periodic scanning for viruses and scanning of files received on removable media.
- All systems connected to the network running any version of Microsoft Windows must have an anti-virus solution installed, and a risk assessment is required for other operating systems.
- Different anti-virus solutions are recommended for gateway virus scanning and email content scanning, with specific requirements for scanning web traffic and email attachments.
- Enforcement measures include the possibility of disciplinary action for policy violations, with deviations permitted only with a valid business case reviewed and approved by the Security Management Team and/or Legal Counsel.
- The policy references the Payment Card Industry Data Security Standard (PCI DSS) as part of its requirements.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
