THREAT MONITOR
Developing an antivirus policy
James Michael Stewart
05.20.2003
Rating: -4.60- (out of 5)
|
It is my opinion that any successful security solution is backed by a solid security policy. And by security policy, I don't just mean the vague general overview document that flatly states that all possible virus infections shall be repelled. I am referring to a fully functional security documentation infrastructure that includes policies, standards, guidelines and procedures. Without documentation from general goal overview to detailed step-by-step instructions for implementation, I don't see how any solution can be deemed successful in any environment.
With that said, I'll focus on the key elements that need to be present in an enterprise-wide antivirus security policy. In my view, here are the issues that you must somehow address:
- Solutions should include software as well as personnel education.
- An emergency response team should be formed that is trained and experienced in infection detection, termination and recovery.
- Software solutions should provide automated protection and self-updating capabilities.
- Virus-free backups should be a high priority.
- Preventing virus infected files from reaching your core servers should be of the utmost importance.
- Users, who are risk takers or have a history of being the conduit through which malicious code enters your environment, should be strongly warned then removed upon repeated infractions.
- Users should be granted access on the basis of the principle of least privilege; if a resource or a function is not required for their specific work tasks, then it should not be granted to the user.
- No unapproved and untested software shall be installed on any production system within the environment.
- Users are not to perform virus recovery, removal or cleaning on their own; they should contact the emergency response team.
- All information about viruses, especially protection, removal and cleaning instructions, should be double checked by researching various trustworthy, well-known antivirus organizations. Unsolicited e-mails about virus response initiatives will be ignored until they are validated.
- Active content and file downloading will be restricted or rigidly managed to prevent malicious code infection.
About the author
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.
For more information, visit these other resources:
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurity.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
