Malware Protection Policy
Details
Date | Version | Status | Information Classification | Document Template ID | Document No |
---|---|---|---|---|---|
22-01-2020 | 1.4 | Approved | Internal | AMS DOC | AMS-ISMS-PL- 05 |
Revision History
Date | Version | Description | Author | Reviewed by | Approved by | Approved date |
---|---|---|---|---|---|---|
06-06-2015 | 1.0 | Initial Version | Praveen | Premanand | Premanand | |
23-06-2016 | 1.1 | Annual Review – No changes made | ||||
31-07-2017 | 1.1 | Annual Review – No changes made | ||||
10-08-2017 | 1.2 | Deleted etc., | ||||
18-03-2019 | 1.3 | Annual Review – No changes made | Praveen | |||
24-12-2019 | 1.4 | Annual Review 2020 - Changes made to align with the standard document format | Praveen | Shaila | Suresh Kumar B V | 22-01-2020 |
Acronym Used
Acronym | Expanded Form |
---|---|
Introduction
This policy describes ASL's approach to managing malicious software and code. Specific requirements for protecting information assets from malicious software and code are provided in this policy.
Definition
Malware (Malicious Software) describes any piece of code designed to infect information processing systems, including mobile devices. A virus is considered malware. The term 'malware' is used as a way to describe any malicious software, including adware, spyware, worms, Trojans, and viruses.
Applicability
This policy is applicable to all employees, contractors, and consultants of ASL who have been granted access to information or systems. All such personnel are referred to as users in this policy document. This policy is also applicable to all the IT assets and services owned or leased by ASL.
Policy Statement
All applicable information processing facilities used within ASL should be protected with anti-malware software or hardware that can detect and prevent malware and recover the information systems. There should be a clearly defined process to ensure early detection, efficient containment (including quarantining) and eradication of malware, and appropriate user awareness of the impact and countermeasures.
Anti-Malware Application
An anti-malware application should be installed on all systems. The IT Department should ensure that any workstation (servers, desktops, iPads, mobile phones and laptops) that is connected to the network has the ASL-approved anti-malware software program installed. A new system should be handed over to the user only after it is verified that it has an adequate malware protection mechanism.
Anti-malware agents that are installed on the client systems should be password protected to ensure that end users cannot uninstall the agent. Similarly, end users should not have any privileges to change any configuration or disable the agent.
While upgrading the systems (migrating to a new operating system), it should be ensured that the agent can support the new system and provide adequate protection. An adequate number of licenses to cover all systems should be available for the anti-malware application.
Antivirus Scans
There should be a regular scan of all the systems. All the systems, including the applicable servers, should be scanned once a week, and a detailed report should be reviewed by the IT Department. Users are prohibited from disrupting or disabling scanning of their system. Regular scans are to be conducted for all the files received or networks or any storage medium.
Malware detection and repair software should be capable of scanning visited webpages.
Any device or information system detected with a malware infection is to be isolated immediately for further investigation and recovery.
Any system that is not turned on during the scheduled scanning time will be scanned for viruses immediately when it is turned on.
Files and Attachment Scanning
All files that are downloaded from the internet should be automatically scanned for virus infections and should be either quarantined or deleted as appropriate. Similarly, any files copied from removable media (CDs / DVDs) should also be scanned appropriately.
Any attachment that is received or downloaded should be appropriately scanned by the antivirus application.
Mobile Code protection
- Mobile code such as ActiveX, JavaScript, and macros should be controlled within ASL, and users are encouraged not to use such code.
Malicious Websites
- Users and employees of ASL information systems are instructed not to use or visit unknown malicious websites. These sites are detected and blacklisted at the gateway level.
Update of malware detection and repair software
Malware detection and repair software is to be updated on a regular basis. An adequate redundancy mechanism should be made available to ensure that virus signatures are available if the main sources for providing antivirus updates are not available.
In the event of a possible virus infection, employees should inform the IT Department immediately and should not try to remove or delete the virus infection themselves.
Tracking new virus outbreaks
ASL should define procedures and responsibilities to deal with malware protection on systems, training in their use, reporting and recovering from malware attacks. ASL has implemented procedures to regularly collect information, such as subscribing to mailing lists or verifying websites giving information about new malware. ASL has subscribed to the newsletter services from www.AV-test.org to be updated on antivirus and malware. Procedures are in place to verify information relating to malware and ensure that warning bulletins are accurate and genuine. No bulletins or information about malware are to be taken into consideration from untrusted sources.
The IT Department should regularly monitor for any massive outbreaks and take adequate measures such as downloading specific tools or carrying out manual procedures to clean virus infections. (Ref: ISO/IEC 27001:2013 A12.2.1 & A12.6.1)
Enforcement
Actions that are required to be followed by the end user with respect to virus protection should be communicated through the Acceptable Usage Guideline. Users should be constantly reminded about their responsibilities through security awareness programs and awareness posters.
It should be ensured that all systems are protected by an antivirus application. Any system that is found without appropriate antivirus protection should be disconnected from the network. Any user found to spread a virus infection should be subjected to disciplinary action up to and including termination of employment.
Supporting Policies, Standards, Guidelines and Processes
Srl. | Document/Section Name |
---|---|
 | Operation Security policy |
 | Antivirus SOP |