Policy Subject |
ITS006 - Policy For Protection Against Viruses and Spam |
Purpose:
|
The University’s computer networks can be compromised by attacks from computer viruses that can spread quickly by unprotected or compromised computers. Apart from the annoyance factors associated with spam, it often carries and spreads viruses and other malicious software. The purpose of this policy is to create a stable computing environment that minimises downtime and maximises uptime by limiting the risk of widespread attack by a virus or spam. It also strives to protect the interests of the Internet community by minimising the risk of the University interrupting the computing environments of other organisations.
|
Scope: |
This policy applies to all email messages carried over, and all computers connected to, the University computer network, both wired and wireless, regardless of ownership of those computers. Unless otherwise stated, the term “computer” means servers, workstations, PCs, desktops, laptops, notebooks. This policy also applies to the anti-virus solutions required of Affiliated Organisations who connect to the University’s computer network.
|
Policy / Principles |
SPAM Management1. The University uses spam management software at the ingress and egress points of its network and requires all email entering and leaving its network to pass through that facility. 2. Any email that enters the University network without a fully qualified domain name will be automatically treated as spam. 3. The University asserts its right to quarantine or delete emails that, in its discretion, are suspected of being unsolicited spam mail. |
|
Email Virus Scanning4. The University requires all emails carried over its network to be scanned for computer viruses by the centrally managed anti-virus software. 5. The University asserts its right to delete or alter emails that, in its discretion, are suspected of containing viruses. |
|
Computer Virus Scanning6. The University provides a site license for anti-virus software and a regular update service for anti-virus definitions. All University owned and leased computers are required to use the software and update service for real-time protection. 7. The frequency of anti-virus definition updates and scans will not be configurable on end user controlled computers. 8. The University will supply all staff and students with access to virus detection and prevention software for use on privately owned computers. 9. Staff and students may only connect private computers to the University network if the computer has University approved anti-virus software installed, active and up to date. 10. Affiliated organisations will be permitted to connect to the University network only if University approved anti-virus software is installed on all computers and remains current. The University reserves the right to randomly audit compliance with this requirement. |
|
Virus Incident Management11. All virus infections are to be reported to the appropriate IT Help Desk immediately. 12. When an email virus is found, the email will be deleted but there will be no notification to either the sender or the recipient (because most viruses are from fictitious senders and are intended to be malicious). 13. University IT staff are to treat any virus infection with priority. Severe outbreaks are to be reported to the IT Risk Manager. A “severe outbreak” can change over time and is defined in the Incident Management Procedure. |
|
Centralised versus Distributed Monitoring of Viruses14. The central Office of IT Services is responsible for monitoring and addressing virus activity on the University’s computer network. 15. It may be beneficial for certain user groups to monitor their own virus activity. The University will support distributed monitoring of this kind providing the solution fully complies with the University Anti-Virus standard and the local user group fully funds the distributed solution.
|
Compliance16. It is recognised that there is work to be completed in order for students, staff and Divisions to comply with this policy. Full compliance is required by no later than 30 September 2007.
|
|
References and Further Information
|
Policy issues should be directed to Director IT Services. |
Approval |
This policy was approved by the Deputy Vice Chancellor and Chief Operating Officer on on 30 March 2007.
|
Supplementary InformationThe following information is relevant to this policy:
|
Please note: You are viewing the unstyled version of this web site. Either your browser does not support CSS (cascading style sheets) or it has been disabled.
