ASSET PROTECTION POLICY: ANTI-MALWARE POLICY 1

Asset Protection Policy

(Anti-Malware Policy)

For

Health Insurance Company (HIC) Inc.

Emmylou Bice

CSOL 540 Cyber Security Operations Policy

University of San Diego

ASSET PROTECTION POLICY: ANTI-MALWARE POLICY 2

HIC, Inc. Anti-Malware Policy

Overview and Purpose

This policy is an internal HIC, Inc. policy that defines the anti-virus or anti-malware policy for

HIC, Inc information technology assets, including virus scanning frequencies, updates, software

installed, firewalls, or email protections (Astha, n.d.). This policy also identifies applicable

parties and responsibilities for implementing and enforcing this policy. This policy is designed to

protect HIC, Inc. assets and resources against potential breaches by viruses and malware. This

policy is also designed to establish security requirements for HIC, Inc information technologies

with respect to anti-virus and anti-malware protections.

Scope

This anti-virus policy applies to all HIC, Inc. information technology attached to any the internet,

intranet network, or standalone network to include, but is not limited to desktop computers,

laptops, tablets, servers, or cell phones. This policy also applies to the entire HIC, Inc. workforce

to include, but is not limited to employees, contractors, or interns.

Objectives

The main concern of this policy is to be effective and efficient in detecting and preventing

network virus outbreaks involving HIC, Inc. information technology assets. The main focus is to

ensure that all HIC, Inc workforce, to include employees, contractors, interns, etc. are aware of

cyber risks associated to viruses and take precautions in proper use of HIC, Inc. technology

(Southern University, 2008). The intent for this policy is to ensure the integrity, confidentiality,

and availability of HIC, Inc resources and information, the HIC, Inc. workforce operates

accordingly in practicing safe computing practices, and appropriates measures are in place that

assure the policy is being followed (Southern University, 2008). Specific instructions and
ASSET PROTECTION POLICY: ANTI-MALWARE POLICY 3

procedures for protecting and configuring anti-virus measures are documented in the Anti-Virus

Standard.

Responsibilities

The entire HIC, Inc. workforce is responsible for taking actions and measures to protect HIC,

Inc. assets against viruses and malware (Southern University, 2008). Failure to adhere to this

policy will result in the disabling of the user account and confiscation of devices. Key personnel

in the HIC, Inc. Information Technology group with Anti-Virus policy roles include:

 Maintaining anti-virus software on HIC, Inc. assets (Wofford, 2020):

o Mr. Scott Antivirus, 243-578-4787

 Maintaining the Firewall and Ports, Protocols, and Services:

o Ms. Felicity Wall, 243-573-7776

 Maintaining network account privileges (Wofford, 2010):

o Mr. Jesus Privy 243-572-2268

Policy

 All HIC, Inc. information technology assets to include workstations, laptops, desktops,

cell phones, tablets, etc. must have the McAfee Enterprise Anti-Virus installed. The anti-

Virus must be:

o Installed by HIC, Inc. Information Technology support.

o Configured to scan all appropriate directories on the filesystem.

o Automatically download updates to virus definitions daily.

o Must always be actively running in real time.

o Should be configured to only allow domain administrators with the ability to start

and stop the service.

ASSET PROTECTION POLICY: ANTI-MALWARE POLICY 4

 The HIC, Inc. Information technology group will manage the anti-virus software on all

internet gateways and email servers to scan incoming and outgoing email traffic

(Wofford, 2010). Any email found with a virus or malware shall be automatically deleted

(Astha, n.d.).

 Activities with the intent to install or transmit malicious programs or Denial of services

attacks are prohibited.

 Users transferring file shall scan the file with the anti-virus software prior to sending or

transmitting via FTP, web server, on a CD/DVD, portable storage, or any other method

(Astha, n.d.).

Enforcement and Exceptions

 HIC, Inc. IT support will install anti-virus software on all HIC, Inc. owned assets

including computers, laptops, and mobile devices (Wofford, 2010).

 HIC, Inc. IT support will disconnect a user’s system from the network if a virus is found

on their system (Wofford, 2010). The system will not be reconnected until an

investigation is complete to ensure the system is clean and no HIC, Inc. information has

been compromised.

 HIC, Inc. It will suspend VPN access for users who do not have the appropriate anti-virus

software or updated anti-virus definitions (Wofford, 2010).

 Exceptions to this policy may be allowed if the device cannot have an anti-virus installed.

Instances would include those where an inti-virus software has yet to be developed

(IUPUI, n.d.). These devices must be documented and have approval from the security

information technology department.

ASSET PROTECTION POLICY: ANTI-MALWARE POLICY 5

References

Astha. (n.d.). Anti-Virus Policy. From https://asthawebsite.s3.ap-south-

1.amazonaws.com/POLICIES/POlICY%20FOR%20ANTIVIRUS.pdf

IUPUI. (n.d.). Anti-Virus Policy. From https://soic.iupui.edu/technology/policies/anti-virus-

policy/

Southern University. (2008, March). ANTIVIRUS POLICY. From

https://www.subr.edu/assets/subr/NetworkSecurity/Antivirus_Policy.pdf

Wofford. (2010, August 09). Antivirus Policy. From https://dept.wofford.edu/it/Anti-Virus

%20Policy.pdf