Malware Protection
Policy Supported: / University Policy on: IT Security (UP16/3)
Preamble
Malware constitutes a major threat to the confidentiality, integrity and availability of University IT systems and data. The purpose of this IT Standard is to ensure that University IT systems are hardened against malware attack and protected by anti-malware software at all times. This IT Standard establishes:
- Mandatoryprotection requirements for all University-owned devicesthat can be connected directly or remotely to the University network.
- Protective measure recommendations for all personal devices that canbe connecteddirectlyor remotely to the University network.
Relevant Definitions
For definitions of the conceptions and terms in this IT Standard, please refer to theBITS Policy and Standard Definitions
Standard
1Malware Protection
1.1All operating systems must be vendor-supported with the latest security patches installed prior to connection to the University network.
1.2All University-owned devices must have supported anti-malware software installed and scheduled to run full system scans at regular intervals. The anti-malware software and the malware pattern files must be kept up to date, connected devices should check for pattern file updates at least every 3 hours
1.3The anti-malware software on University-owned devices shall be configured to scan all attachments or files before downloading and saving, scan on read and write, to a University-owned device and shall prevent downloads containing viruses, worms, trojan horses or other malware.
1.4All University-owned devices must have the University-supplied and supported anti-malware protection software installed and users of these computers shall not disable the anti-malware software or the anti-malware updating schedules.
1.5All anti-malware software on University-owned devices must be actively managed to ensure that the latest software updates and malware signatures are installed. Anti-malware software must be configured to obtain these updates automatically, at least every 3 hours,from either the anti-malware vendor or a source prescribed by BITS.
1.6Any malware-infected devices and/or files must be removed from the University network until they are verified as malware-free.
2Responsibilities
2.1The University is responsible for anti-malware software and applicable operating system and software patches for University-owned devices.
2.2Users of personal devices that can connect directly or remotely to the University network, must ensure that these devices do not pose a threat to the operation of University IT systems.
2.3All users must be aware of the risks, must comply with this standardand any supporting procedures, and must act responsibly to protect University-owned data (including account credentials/passwords).
2.4Users of University-owned devices must escalate action or seek advice from the BITS Service Desk or local IT support where appropriate or when in doubt, as early detection and timely intervention can significantly reduce the impact of damage caused by malware.
2.5University staff with administrative privileges must ensure that all University IT systems for which they are responsible comply with this Malware Protection standard.
3Enforcement
3.1The University reserves the right to inspect University-owned devices for adequate malware protection.
3.2Any University-owned or personal mobile device directly or remotely connected to the University network that is found to be infected with malware or to have been compromised in any way will be disconnected from the network immediately, pending further investigation and corrective action.
ReferencesComputer and Software Use Regulations
University Policy on: IT Security
IT Standard on: Authentication and Passwords
IT Standard on: Remote Access to University IT Systems
IT Standard on: Firewall Rule Sets
Approval
Approval Authority: / Chief Information OfficerRevision History:
Version / Date Approved / Next Review Date1.0 / 21.03.2016 / 20.03.2018
Malware Protection v1.0Page 1 of 2