Introduction
The issues of insecurity in organizations have risen to unprecedented levels. Organizations are now keen on the process of managing their security. Antivirus policies have been set up in order to have secure processes that will ensure that there is better management of the business processes. One of the most effective ways of ensuring that there are safe business processes that will lead to secure systems within an organization. This paper will focus on an antivirus policy for a mid-size organization. It will suggest the procedures that will guide computer users in an organization to use and behave for safe use of their computers.
POLICY
- Purpose
It is meant to put requirements in place that will ensure that computers within the organization have met all the requirements to ensure that there us effective detection and prevention of antivirus programs.
- Scope
The policy applies to all computers that are found within an organization. The devices that will be required to comply with the rules will include all personal computers and any organization computer that has been assigned to a user. Users are required to adhere to the policy and ensure that the environment in which the policy has been set is always safe. It will include desktop computers, laptop computers, servers (like ftp/tftp, and file), and mobile devices like palmtop computers. All these devices and any other computer device that is used in the management and enhancement of the business processes within the organization will be in the list. The policy will also cover all personnel that are attached to third-parties that provide services to the company. They have to ensure that the use of company equipment and resources are in a safe and manageable manner. Equipment that are used by individuals should be designed and managed in such a manner that there is better enhancement of the security of this equipment within the company. It is one of the ways and procedures they will ensure that there is better management of the security in the company. All programs that are considered to be suspicious should be reported to the security personnel so that they will be inspected and assessed. If, after the assessment of the program, it is found to be a virus, quarantine measures should be taken in order to ensure that all the other computers are not affected.
- Policy
All computers and mobile devices that are used in the organization are required to have a standard, and supported anti-virus programs installed. The programs must be updated at regular intervals without failure. The computer technicians should always ensure that there is an understanding of the systems that have been put in place to have antivirus programs in place. There is a need to ensure that the pattern files for the antivirus programs are always up-to-date. If there are computers that have been infected by a virus on the network, they should be isolated from the network so that any further damage will be eliminated. It is only when they are approved that they are free from virus infestation that they can be brought back to the network. Any intention to create and distribute programs that are considered to be malicious to the network are prohibited. Any person who will be found practicing such ill-motivated activities will face disciplinary action.
Also, users will be required to observe a required behavior while surfing the internet. There are sites that will be considered suspect in the appearance. It is important to understand these sites and have measures in place that will ensure that there is better management and enhancement of the procedures in place. Users will be required to ensure that they are careful in the installation of other programs in their personal computers. There will be stringent measures that will be put in place in order to ensure that there is better management of the programs that have been installed on computers and devices that have been installed. In most cases, the programs that have been installed by users without prior analysis and knowledge of the use of the programs are the source of the viruses that affect the use of computers.
- Adware/Spyware
All users will be required to ensure that they run checks for adware and spyware for their computers that have been networked. This process should be done on all personal and assigned computers on a regular basis. If there are suspicious adware or spyware that have been installed, the removal should follow the procedures that have been set by the organization technical team.
All users should have their browsers set to have some security levels. These levels will ensure that they are safe and will access only sites that are considered to be safe. There is a need to ensure that there are checks and assessments on programs before they are installed on machines. There is a need to run security checks in order to ensure that there is better management of the security in the organization.
All devices on the network will have to be installed with firewall. A firewall will ensure that there is better management of the security and that the programs. The programs will access only the sites that have been recommended by the security and technical team.
- Enforcement
There will be a need to have an enforcement procedure that will be used in the management of the policy that has been put in place. Any staff member who will be found to have violated the policy will have to face disciplinary action and may result to termination of employment.
Recommended tools
There will be a need to have tools that will be used in the management of the programs and ensure that there is safety in the computers that are used in an organization. One of the tools is Kaspersky Antivirus. It is a reliable antivirus that is used to manage computers and have easier ways in which updates can be done in the system. They have reliable system monitoring and can be managed from a central location. Their server capabilities are reliable because it will enable the administrators to manage the clients.
Conclusion
References
Chickering, R. A., & Hanna, S. (2011). United States Patent No. 7,982,595.
Green Templeton College. (2013, November 29). Anti-Virus, Spyware, Adware and Updates Policy. Retrieved from Green Templeton College : http://www.gtc.ox.ac.uk/images/stories/IT/antiviruspolicy.pdf
