Developing an antivirus policy

Some things to take into account when developing an antivirus policy.

James Michael Stewart

It is my opinion that any successful security solution is backed by a solid security policy. And by security policy,...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate Email Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

I don't just mean the vague general overview document that flatly states that all possible virus infections shall be repelled. I am referring to a fully functional security documentation infrastructure that includes policies, standards, guidelines and procedures. Without documentation from general goal overview to detailed step-by-step instructions for implementation, I don't see how any solution can be deemed successful in any environment.

With that said, I'll focus on the key elements that need to be present in an enterprise-wide antivirus security policy. In my view, here are the issues that you must somehow address:

Solutions should include software as well as personnel education.
An emergency response team should be formed that is trained and experienced in infection detection, termination and recovery.
Software solutions should provide automated protection and self-updating capabilities.
Virus-free backups should be a high priority.
Preventing virus infected files from reaching your core servers should be of the utmost importance.
Users, who are risk takers or have a history of being the conduit through which malicious code enters your environment, should be strongly warned then removed upon repeated infractions.
Users should be granted access on the basis of the principle of least privilege; if a resource or a function is not required for their specific work tasks, then it should not be granted to the user.
No unapproved and untested software shall be installed on any production system within the environment.
Users are not to perform virus recovery, removal or cleaning on their own; they should contact the emergency response team.
All information about viruses, especially protection, removal and cleaning instructions, should be double checked by researching various trustworthy, well-known antivirus organizations. Unsolicited e-mails about virus response initiatives will be ignored until they are validated.
Active content and file downloading will be restricted or rigidly managed to prevent malicious code infection.

About the author
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.

This was last published in May 2003

virus (computer virus)

malware

computer worm

macro virus