Questions and Answers
Does the anti-virus and malicious code policy document aim to protect networks, information processing facilities, and mobile devices from malicious software?
True
Is the policy designed to meet PCI DSS requirements?
True
Are users responsible for being vigilant with unsolicited or suspicious emails, scanning media from unknown sources, and reporting any suspected entry or activation of malicious software?
True
Is it required to scan all new code for viruses before being moved into production or transmitted or stored on the network?
Signup and view all the answers
Are workstations, laptops, and servers required to have specific requirements for anti-virus protection, including scheduled checks and automated updates?
Signup and view all the answers
Is a different anti-virus solution required to be used for the network gateway, with scanning of web traffic retrieved by web proxies for malicious software?
Signup and view all the answers
Is it required to delete any e-mail identified as containing a virus, worm, or Trojan and not pass it to the recipient's e-mail client, with specific requirements for scanning and handling encrypted e-mails?
Signup and view all the answers
Is it a responsibility of third-party vendors to provide updates in a timely manner and offer support, advice, and guidance?
Signup and view all the answers
Must anti-virus software be enabled and configured so that it cannot be tampered with on computing devices that connect to the network?
Signup and view all the answers
Study Notes
Anti-virus and Malicious Code Policy Document Summary
- The policy aims to protect networks, information processing facilities, and mobile devices from malicious software by ensuring correct configuration of anti-virus software.
- The policy is designed to meet PCI DSS requirements and applies to all information processing facilities and mobile devices under the company's control.
- Roles and responsibilities include responsibilities for client, server, and anti-virus administrators, IT security manager, user responsibilities, and third-party vendor responsibilities.
- Anti-virus scanning and configuration should proactively and periodically scan for viruses, with strict controls on obtaining files and software from external networks.
- Platforms requiring anti-virus configuration include workstations, laptops, servers, gateway virus scanning, and e-mail content scanning.
- Users are responsible for being vigilant with unsolicited or suspicious emails, scanning media from unknown sources, and reporting any suspected entry or activation of malicious software.
- Third-party vendors are responsible for providing updates in a timely manner and offering support, advice, and guidance.
- Anti-virus software must be enabled and configured so that it cannot be tampered with on computing devices that connect to the network.
- All new code should be scanned for viruses before being moved into production or transmitted or stored on the network.
- Workstations, laptops, and servers have specific requirements for anti-virus protection, including scheduled checks and automated updates.
- A different anti-virus solution must be used for the network gateway, with scanning of web traffic retrieved by web proxies for malicious software.
- Any e-mail identified as containing a virus, worm, or Trojan must be deleted and not passed to the recipient's e-mail client, with specific requirements for scanning and handling encrypted e-mails.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
