And Antivirus Procedures Version 0



Download 27.62 Kb.
Date29.07.2017
Size27.62 Kb.
#24075

PUBLIC


Information Security Document


Malicious Software

and Antivirus

Procedures

Version 7.0





Version History

Version

Date

Detail

Author

1.0

24/11/2010

Completed for Distribution

Jo White

1.0

21/12/2010

Approved by Information Governance Group

Jo White

2.0

20/12/2011

Reviewed by Information Governance Group

Jo White

3.0

25/01/2013

Reviewed by Information Governance Group

Jo White

4.0

10/02/2014

Reviewed by Information Governance Group

Jo White

5.0

16/03/2015

Reviewed by Information Governance Group

Jo White

6.0

04/04/2016

Reviewed by Information Governance Group. Details of types of attacks and how to deal with them incorporated.

Jo White

7.0

09/05/2017

Reviewed by Information Governance Group. Transformation changed to ICT.

Jo White














This document has been prepared using the following ISO27001:2013 standard controls as reference:

ISO Control

Description

A.12.2.1

Controls against malware

A.16.1.2

Reporting information security events



1Introduction


The Council is under constant threat from malicious software and infection of computer viruses. The Council must continue to be proactive in its response to safeguarding the security and integrity of its ICT systems, information and data.

There are many forms of delivery of malicious software and virus attacks such as:



Malicious software and viruses can not only affect the integrity of information and data, once on our network, they can be used to mount cyber-attacks across the whole Council computer network.


2Procedures


The ICT Service has addressed the need for a managed and structured

process for the installation and configuration of antivirus/malware software.

Routine maintenance, management and updating of the antivirus solution will be carried out by Customer Services within the ICT Service

The antivirus software is automatically distributed to all computers on the Council’s data network using a managed software roll-out system. Computer users will notice and should be aware of the following:


This icon to the right of the taskbar (next to the clock on the system tray) indicates that the antivirus has been successfully installed and a full system

scan has been completed and that no malicious software or viruses have been detected.

The antivirus issued a low or medium alert message.

A low or medium alert message means one of the following:

- Malware with a low or medium severity rating was discovered.
- Definitions are older than 7 days (configured by Policy)
- A definition update failed.
- No scans were completed successfully in 14 days.
- A full scan is required.
- A restart is required.

A high or severe alert message may indicate any of the following:

- Malware with a high or severe severity rating was discovered.
- The antimalware service is either stopped or in a not-ready state.
- Real-time protection is turned off.
- Antivirus/Antispyware protection is disabled

This icon to the right of the taskbar, indicates that the antivirus is currently scanning the computer for malicious software and viruses.


This icon shows that the antivirus is in the process of downloading the latest software definition updates.
Please note:

Any warnings visible on screen from the antivirus software about identified/detected threats from viruses/malware should be reported to the ICT Service Desk as soon as possible and the computer disconnected from the Council network immediately on seeing the warning.


All computers with antivirus installed, are currently configured to undertake a complete a full system scan every Thursday at 10am. This scanning/updating scheduled will be regularly reviewed by the ICT Service.

Computers must be connected to the Council network in order for the antivirus software to be installed. Computers must be regularly connected to the network in order to pick up the latest versions. Computers that do not connect for two months will be automatically removed from the network and users will need to contact the ICT Service Desk to enable the latest definitions to be downloaded and for access to be restored.


If for any reason, a computer is suspected of not displaying or showing any installation of antivirus, this must be reported immediately to the ICT Service Desk and the computer disconnected from the Council network immediately.
All storage media (e.g. compact disks or USB devices) which are inserted into the County Council’s computers must be scanned for viruses and malicious software before use. If the storage media is a USB device it must be of the type that has been purchased and approved by the Authority’s ICT Service and must be encrypted before use.
Virus-infected computers must be immediately disconnected from the County Council’s network until the ICT Service has verified that the computer is virus or malware free. Where a user has been associated with a virus or malware attack it is essential that the user’s passwords are changed before accessing the network again.


This document forms part of the Council's ISMS Policy and as such, must be fully complied with.

Version 7.0 Derbyshire County Council Malicious Software and Antivirus Procedures






Download 27.62 Kb.

Share with your friends:




The database is protected by copyright ©ininet.org 2024
send message

    Main page