The malware security policy documents your organization’s commitment to addressing head-on the problem of Internet- and email-based viruses. This policy also informs end users that they are not to try to “help” the IT Department by installing their own anti-virus tools.
This policy applies to all authorized users and systems on the corporate network.
The following rules define _COMPANY’s policy regarding the installation and use of anti-virus software:
- To prevent infection by computer viruses, only authorized workers in the IT Department may install or use any externally-provided software from the internet, or from a person or organization that has not been certified or approved by appropriate IT Department group.
- Virus scanning should be redundant where feasible. Virus screening software must be installed and enabled on all systems with direct or indirect connections, including firewalls, DMZ servers, FTP servers, mail servers, intranet servers, and desktop machines. The frequency of virus scans must conform to standards.
- At least two virus screening software packages must be employed. To assure that incoming viruses are immediately detected and eradicated, at least two virus screening software packages must be used at each point where electronic mail and other external file exchanges take place.
- Users must not attempt to eradicate computer viruses. If users suspect infection by a virus, they must immediately call the IT Department and refrain from attempting any type of troubleshooting on their own. Computer virus eradication must only be performed by authorized personnel who have been approved by the IT Department to do that work.