ITS Security Policy 107 Anti-Malware

Security Policy Goals [Link]

Statement of purpose

CCC’s Defense in Depth strategy seeks to prevent the intrusion and activation of malicious software, commonly referred to as “malware”. There are various types of malware and prevention may require different techniques and technologies. This policy seeks to protect the college, students, faculty, and staff from the adverse impact of malware infection.

Scope statement

This policy applies to all CCC ITS resources. Accountable and responsible individuals are the Information Security team and ITS operational support personnel. For CCC systems supported and maintained by third parties, such parties are also subject to this policy. Others in scope are users of CCC ITS Resources.

Policy summary

All Clackamas Community College (CCC) Information Technology Services (ITS) resources potentially vulnerable to viruses or other malware, whether managed by employees or third parties, shall be protected by approved software.

This policy shall be subject to and superseded by applicable regulations and laws.

Policy

  1. The Chief Information Security Officer (CISO) shall approve anti-malware software for use on all applicable ITS resources.
  2. Anti-malware software shall be configured to receive automatic updates, perform periodic scans, and log events.
    1. Software will be selected and configured so that events are recorded to a centralized repository such as a SIEM.
  3. The anti-malware product will be configured by centralized policy and will be configured to prohibit non-administrators from making changes to the product. Per-device changes will be made only for testing and troubleshooting procedures, and centralized policy changes will be made using change management procedures.
  4. Signatures for anti-malware software shall be automatically updated at least once per day.
  5. Systems running CCC anti-malware software shall alert the information security team in real time of the detection of a virus. The CISO will determine what steps to take based on the Risk Management policy and best practices.
  6. Retention of anti-malware software logs shall be in accordance with applicable law, regulation, or as described in the Data Retention and Disposal Policy (104).
  7. An anti-virus product will be installed on non-persistent desktops, such as VMware Horizon instant clones and lab computers protected by Smart Shield software; however, these do not require automatic scanning of file systems, provided that the file system is scanned and found to be free of malware at the time that the persistent desktop state is captured.

Exemptions

None.

Exceptions

Exceptions to this policy must be pre-approved in writing by the Chief Information Officer (CIO).

Policy violation [Link]

Complaint procedures [Link]

Governing standards, policies, and guidelines [Link]

Definitions [Link]

Responsible executive

Chief Information Officer

Last revision date

7-13-2022 srw (Final Draft)