PUBLIC
Information Security Document
Malicious Software and Antivirus Procedures
Version 7.0
Version History
| Version | Date | Detail | Author |
|---|---|---|---|
| 1.0 | 24/11/2010 | Completed for Distribution | Jo White |
| 1.0 | 21/12/2010 | Approved by Information Governance Group | Jo White |
| 2.0 | 20/12/2011 | Reviewed by Information Governance Group | Jo White |
| 3.0 | 25/01/2013 | Reviewed by Information Governance Group | Jo White |
| 4.0 | 10/02/2014 | Reviewed by Information Governance Group | Jo White |
| 5.0 | 16/03/2015 | Reviewed by Information Governance Group | Jo White |
| 6.0 | 04/04/2016 | Reviewed by Information Governance Group. Details of types of attacks and how to deal with them incorporated. | Jo White |
| 7.0 | 09/05/2017 | Reviewed by Information Governance Group. Transformation changed to ICT. | Jo White |
This document has been prepared using the following ISO27001:2013 standard controls as reference:
| ISO Control | Description |
|---|---|
| A.12.2.1 | Controls against malware |
| A.16.1.2 | Reporting information security events |
1 Introduction
The Council is under constant threat from malicious software and infection by computer viruses. The Council must continue to be proactive in its response to safeguarding the security and integrity of its ICT systems, information and data.
There are many forms of delivery of malicious software and virus attacks such as:
Malicious software and viruses can not only affect the integrity of information and data; once on our network, they can also be used to mount cyber-attacks across the whole Council computer network.
2 Procedures
The ICT Service has addressed the need for a managed and structured process for the installation and configuration of antivirus/malware software.
Routine maintenance, management and updating of the antivirus solution will be carried out by Customer Services within the ICT Service.
The antivirus software is automatically distributed to all computers on the Council’s data network using a managed software roll-out system. Computer users will notice and should be aware of the following:
This icon to the right of the taskbar (next to the clock on the system tray) indicates that the antivirus has been successfully installed, that a full system scan has been completed and that no malicious software or viruses have been detected.
The antivirus issued a low or medium alert message.
A low or medium alert message means one of the following:
- Malware with a low or medium severity rating was discovered.
- Definitions are older than 7 days (configured by Policy).
- A definition update failed.
- No scans were completed successfully in 14 days.
- A full scan is required.
- A restart is required.
A high or severe alert message may indicate any of the following:
- Malware with a high or severe severity rating was discovered.
- The antimalware service is either stopped or in a not-ready state.
- Real-time protection is turned off.
- Antivirus/Antispyware protection is disabled.
This icon to the right of the taskbar indicates that the antivirus is currently scanning the computer for malicious software and viruses.
This icon shows that the antivirus is in the process of downloading the latest software definition updates.
Please note:
Any on-screen warnings from the antivirus software about identified/detected threats from viruses/malware should be reported to the ICT Service Desk as soon as possible, and the computer must be disconnected from the Council network immediately on seeing the warning.
All computers with antivirus installed are currently configured to undertake a full system scan every Thursday at 10am. This scanning/updating schedule will be regularly reviewed by the ICT Service.
Computers must be connected to the Council network in order for the antivirus software to be installed. Computers must be regularly connected to the network in order to pick up the latest versions. Computers that do not connect for two months will be automatically removed from the network and users will need to contact the ICT Service Desk to enable the latest definitions to be downloaded and for access to be restored.
If, for any reason, a computer is suspected of not displaying or showing any installation of antivirus, this must be reported immediately to the ICT Service Desk and the computer disconnected from the Council network immediately.
All storage media (e.g. compact disks or USB devices) which are inserted into the County Council’s computers must be scanned for viruses and malicious software before use. If the storage media is a USB device it must be of the type that has been purchased and approved by the Authority’s ICT Service and must be encrypted before use.
Virus-infected computers must be immediately disconnected from the County Council’s network until the ICT Service has verified that the computer is virus or malware free. Where a user has been associated with a virus or malware attack, it is essential that the user’s passwords are changed before accessing the network again.
This document forms part of the Council's ISMS Policy and as such, must be fully complied with.
Version 7.0 Derbyshire County Council Malicious Software and Antivirus Procedures