
Developing an antivirus policy

Some things to take into account when developing an antivirus policy.

It is my opinion that any successful security solution is backed by a solid security policy. And by security policy, I don't just mean the vague general overview document that flatly states that all possible virus infections shall be repelled. I am referring to a fully functional security documentation infrastructure that includes policies, standards, guidelines and procedures. Without documentation from general goal overview to detailed step-by-step instructions for implementation, I don't see how any solution can be deemed successful in any environment.

With that said, I'll focus on the key elements that need to be present in an enterprise-wide antivirus security policy. In my view, here are the issues that you must somehow address:

  • Solutions should include software as well as personnel education.
  • An emergency response team should be formed that is trained and experienced in infection detection, termination and recovery.
  • Software solutions should provide automated protection and self-updating capabilities.
  • Virus-free backups should be a high priority.
  • Preventing virus-infected files from reaching your core servers should be of the utmost importance.
  • Users who are risk takers or have a history of being the conduit through which malicious code enters your environment should be strongly warned, then removed upon repeated infractions.
  • Users should be granted access on the basis of the principle of least privilege; if a resource or a function is not required for their specific work tasks, then it should not be granted to the user.
  • No unapproved and untested software shall be installed on any production system within the environment.
  • Users are not to perform virus recovery, removal or cleaning on their own; they should contact the emergency response team.
  • All information about viruses, especially protection, removal and cleaning instructions, should be double checked by researching various trustworthy, well-known antivirus organizations. Unsolicited e-mails about virus response initiatives will be ignored until they are validated.
  • Active content and file downloading will be restricted or rigidly managed to prevent malicious code infection.

About the author
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.

This was last published in May 2003
