Developing an antivirus policy

I don't just mean the vague general overview document that flatly states that all possible virus infections shall be repelled. I am referring to a fully functional security documentation infrastructure that includes policies, standards, guidelines and procedures. Without documentation from general goal overview to detailed step-by-step instructions for implementation, I don't see how any solution can be deemed successful in any environment.

With that said, I'll focus on the key elements that need to be present in an enterprise-wide antivirus security policy. In my view, here are the issues that you must somehow address:

• Solutions should include software as well as personnel education.
• An emergency response team should be formed that is trained and experienced in infection detection, termination and recovery.
• Software solutions should provide automated protection and self-updating capabilities.
• Virus-free backups should be a high priority.
• Preventing virus infected files from reaching your core servers should be of the utmost importance.
• Users, who are risk takers or have a history of being the conduit through which malicious code enters your environment, should be strongly warned then removed upon repeated infractions.
• Users should be granted access on the basis of the principle of least privilege; if a resource or a function is not required for their specific work tasks, then it should not be granted to the user.
• No unapproved and untested software shall be installed on any production system within the environment.
• Users are not to perform virus recovery, removal or cleaning on their own; they should contact the emergency response team.
• All information about viruses, especially protection, removal and cleaning instructions, should be double checked by researching various trustworthy, well-known antivirus organizations. Unsolicited e-mails about virus response initiatives will be ignored until they are validated.
• Active content and file downloading will be restricted or rigidly managed to prevent malicious code infection.

About the author
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.