Anti-virus and Malicious Code Policy Overview

Questions and Answers

Is the policy designed to protect networks and devices from malicious software, including viruses, worms, Trojans, spyware, and malware?

True

Does the policy require all systems connected to the network running any version of Microsoft Windows to have an anti-virus solution installed?

True

Are specific guidelines provided for anti-virus scanning and configuration, including proactive and periodic scanning for viruses?

True

Is it required for users to be vigilant against unsolicited or suspicious emails, scan media from unknown sources for viruses, and report any suspected or detected viruses immediately?

True

Are different anti-virus solutions recommended for gateway virus scanning and email content scanning?

True

Is disciplinary action a possibility for policy violations, with deviations permitted only with a valid business case reviewed and approved by the Security Management Team and/or Legal Counsel?

True

Does the policy require third-party vendors to provide timely updates and support for the anti-virus solution on a 24x7 basis?

True

Is the policy's aim to meet PCI DSS requirements?

True

Is it mandatory for systems running any version of Microsoft Windows to have an anti-virus solution installed?

True

Study Notes

Anti-virus and Malicious Code Policy Overview

• The policy aims to protect networks and devices from malicious software, including viruses, worms, Trojans, spyware, and malware.
• It is designed to minimize the impact on business in case of a malicious software breach and to meet PCI DSS requirements.
• The policy applies to all information processing facilities and mobile computing devices under the company's control, including workstations, servers, and other technology.
• Roles and responsibilities are defined for client, server, and anti-virus administrators, IT security manager, users, and third-party vendors.
• The policy mandates the use of approved anti-virus software, regular scanning for viruses, and strict controls on obtaining files and software from external networks.
• Users are required to be vigilant against unsolicited or suspicious emails, scan media from unknown sources for viruses, and report any suspected or detected viruses immediately.
• The policy requires third-party vendors to provide timely updates and support for the anti-virus solution on a 24x7 basis.
• Specific guidelines are provided for anti-virus scanning and configuration, including proactive and periodic scanning for viruses and scanning of files received on removable media.
• All systems connected to the network running any version of Microsoft Windows must have an anti-virus solution installed, and a risk assessment is required for other operating systems.
• Different anti-virus solutions are recommended for gateway virus scanning and email content scanning, with specific requirements for scanning web traffic and email attachments.
• Enforcement measures include the possibility of disciplinary action for policy violations, with deviations permitted only with a valid business case reviewed and approved by the Security Management Team and/or Legal Counsel.
• The policy references the Payment Card Industry Data Security Standard (PCI DSS) as part of its requirements.

Description

This quiz covers the key points of an anti-virus and malicious code policy, focusing on protecting networks and devices from various forms of malware. It includes guidelines for anti-virus software usage, scanning procedures, user responsibilities, and enforcement measures.