Developing an antivirus policy

Some things to take into account when developing an antivirus policy.

It is my opinion that any successful security solution is backed by a solid security policy. And by security policy, I don't just mean the vague general overview document that flatly states that all possible virus infections shall be repelled. I am referring to a fully functional security documentation infrastructure that includes policies, standards, guidelines and procedures. Without documentation from general goal overview to detailed step-by-step instructions for implementation, I don't see how any solution can be deemed successful in any environment.

With that said, I'll focus on the key elements that need to be present in an enterprise-wide antivirus security policy. In my view, here are the issues that you must somehow address:

  • Solutions should include software as well as personnel education.
  • An emergency response team should be formed that is trained and experienced in infection detection, termination and recovery.
  • Software solutions should provide automated protection and self-updating capabilities.
  • Virus-free backups should be a high priority.
  • Preventing virus-infected files from reaching your core servers should be of the utmost importance.
  • Users who are risk takers or have a history of being the conduit through which malicious code enters your environment should be strongly warned, then removed upon repeated infractions.
  • Users should be granted access on the basis of the principle of least privilege; if a resource or a function is not required for their specific work tasks, then it should not be granted to the user.
  • No unapproved and untested software shall be installed on any production system within the environment.
  • Users are not to perform virus recovery, removal or cleaning on their own; they should contact the emergency response team.
  • All information about viruses, especially protection, removal and cleaning instructions, should be double-checked by researching various trustworthy, well-known antivirus organizations. Unsolicited e-mails about virus response initiatives will be ignored until they are validated.
  • Active content and file downloading will be restricted or rigidly managed to prevent malicious code infection.

About the author
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.

This was last published in May 2003
