POLICY:
All computers that connect to the University IT infrastructure, including all off-campus computers that connect remotely (e.g., via wireless, VPN, or dial up) must be protected with anti virus software or by other appropriate means. All anti virus software shall conform to campus standards and shall have up-to-date virus definitions. This policy applies to all computers, regardless of ownership or location.
PURPOSE:
On a daily basis, the campus is exposed to a large number of computer viruses. Although the campus e-mail server has an antivirus filter, computer viruses can also be transmitted in other ways, for example, through file sharing and downloading. Once infected with a virus, a computer is susceptible to a greater number of cyber attacks. The virus and subsequent cyber attacks can, for example:
1. Render the computer effectively unusable
2. Spread itself from this computer to other computers
3. Utilize the computer to participate in further cyber attacks
4. Allow remote users to access both the computer and the confidential data it contains
Antivirus software is an effective step to reduce the Campus's vulnerability associated with software viruses. To be effective, all campus computers must be appropriately protected.
PROCEDURES:
1. All computers attached to University IT Infrastructure must run antivirus software that conforms to University standards or be protected by other appropriate means. The local desktop administrator or the owner of the computer shall install such software. The settings for the virus protection software must not be altered in a manner that reduces the effectiveness of the software.
2. Each deployment of antivirus software shall be configured to ensure automatic updates of virus definitions based upon the following criteria:
- On campus, university-owned computers shall be updated via either the Enterprise or a local virus definition server.
- On campus, privately-owned computers, e.g., students in Residence halls, shall be updated via a live update to the vendor supplied virus definition server.
- Off-campus computers shall be updated via a live update to the vendor supplied virus definition server.
3. The current standard for antivirus software shall be posted on the following web site http://www.csun.edu/tsag/standards.
4. An unfiltered virus constitutes a security incident and must be reported. A user that detects such a virus needs to notify the University Helpdesk (helpdesk@csun.edu) or the Information Security Officer (iso@csun.edu).
5. A computer that is either unprotected by antivirus software or by other appropriate means, or is infected may be removed from the network.
RESPONSIBILITIES:
Local IT units are responsible to ensure antivirus software and automatic updates of virus definition files are properly installed and configured on University-owned computers. The owner of a privately owned computer is correspondingly responsible for his computer.
1. Vice Presidents and Deans are the point of accountability for ensuring that personnel adhere to this policy.
2. Information Technology (IT) shall provide support to local IT units in the following ways:
- IT/Computer and Technology Systems (CTS) is responsible for maintaining an Enterprise Antivirus Server from which automatic updates of virus definition files can be automatically obtained.
- IT/User Support Service (USS) is responsible for coordinating with local IT units to provide appropriate antivirus software.
- IT/Network Engineering and Operations (NEO) is responsible for disconnecting unprotected or infected computers from the network.
REFERENCES:
University Policy for Use of Computing Resources
FURTHER INFORMATION:
Chief Information Officer (hilary.baker@csun.edu)
Approved by the President