
Antivirus Procedure

Version 3.4

Signatures (For archiving purposes only) Page 1 of 10

CLASSIFICATION: INTERNAL
Form Issue: 1 Issue Date: Dec 18th, 2017 Form Rev.:0 Rev. Date: Dec 18th, 2017

AIRBUS ANTIVIRUS PROCEDURE Doc. Ref: ALF/IMS/ISMS/PROC/001


INFORMATION
EADS
SYSTEMS
Doc. issue 3 Jul 09th ,2014
INFORMATION SUPPORT SERVICES GROUP IT Doc. Rev. 4 Apr 12th ,2019

Document Preparation & Approval


Type of Document: Procedure
Classification: Internal
Available Language[s]: English
Status: Approved
Document Author: IT Security Analyst
Owner: Chief Information Security Officer
Developed By: Group IT
Reviewed By: Chief Information Security Officer
System Approval: N/A
Approved By: Group IT Executive Manager
Authorized By: GIT Management

Document Change History

Issue | Rev. | Date | ISO Clause No. | Section revised | Nature of Revision | Requester
1 | 0 | May 21th, 2012 | - | - | Initial Draft | ISO Certification Body
2 | 0 | May 01st, 2013 | - | - | Review & Updates | ISO Certification Body
3 | 0 | July 09th, 2014 | - | - | Reviewed and updated | ISO Certification Body
  | 1 | Oct 08th, 2015 | - | - | Yearly Review | ISO Certification Body
  | 2 | Apr 21th, 2016 | - | - | Reviewed and updated. | ISO Certification Body
  | 2 | Feb 20th, 2017 | - | - | Annual review, no changes | ISO Certification Body
  | 3 | Jan 24th, 2018 | - | - | Annual review with GIT team to align with current process | ISO Certification Body
  | 4 | Apr 12th, 2019 | - | - | Annual review with GIT team; updated Internal audit comments to align with current process; Replaced Chief Information Officer title with Group IT Executive Manager and IT Security and Compliance Officer title with Chief Information Security Officer. | ISO Certification Body

Distribution List
Main Channel Portal
Channel 1 Name Position
Channel 2 Name Position
Channel 3 Name Position
Channel 4 Name Position
Channel 5 Name Position
Channel 6 Name Position


Contents
1. Introduction
2. Scope
3. Definition
4. Procedure
4.1 Prevention
4.2 Detection
4.3 Removal
4.4 Awareness
5. General Procedure
6. Subscriptions and Information on Latest Threats
7. Responsibilities
8. Records
9. Monitoring
10. Review
10.1 Scheduled, periodic review
10.2 Unscheduled review
11. ISO Standard Reference


1. Introduction
The purpose of this procedure is to describe the Group IT Antivirus maintenance process.
Threats from viruses are well known throughout the IT community. The spread of viruses or other
self-propagating malicious code can disrupt normal work. Vigilance and good virus intelligence
warnings are the key to minimizing the impact of hoaxes. The objective of this procedure is to
mitigate interruptions to business activities, to contain or minimize damage to the organisation,
and to protect all/critical business processes of alfanar from the effects of virus/worm outbreaks
and from malicious code. It also establishes requirements that must be met by all computers
connected to alfanar’s networks to ensure effective and efficient virus detection and prevention.

2. Scope
This procedure applies to all the IT assets of employees and contractors who connect to the
alfanar IT network.

3. Definition
Virus: A virus is a computer program that is hidden within another seemingly innocuous program
and that produces copies of itself and inserts them into other programs to perform a malicious
action, such as infecting a computer without the knowledge of the user. The term is sometimes used
as a “catch-all” phrase to include all types of malware (worms, spyware, adware, trojans, etc.).

4. Procedure
Antivirus software shall be deployed across all PCs, servers and laptops, with regular virus
definition updates and scanning.
A virus outbreak can harm the confidentiality, integrity and availability of a company’s data, as
well as the company’s reputation and image. The antivirus procedure consists of three key
components, i.e. prevention, detection and removal.
4.1 Prevention
• Antivirus agents will be installed on all servers, laptops and PCs to limit the spread of viruses
within the network.
• Programs will not be executed, nor files opened by applications prone to macro viruses, without
prior scanning.
• All incoming and outgoing email and attachments should be scanned for viruses.
• Emails with malicious, executable, vulnerable, etc. attachment types should be blocked.
Examples of file extension types:


adp app asp bas bat cer chm cmd com cpl crt
csh exe fxp gadget hlp hta inf ins isp its js
jse ksh lnk mad maf mag mam maq mar mas mat
mav maw mda mdb mde mdt mdw mdz msc msi msp
mst ops pcd pif prf prg pst reg scf scr sct
shb shs vb vbe vbs vsmacros vss vst vsw ws
wsc wsf wsh ade

4.2 Detection
• To keep abreast of the latest viruses that have been identified, scanning software should be
updated on a regular basis or as updates arrive.
• Virus scanning results should be logged and reviewed by the Group IT Technology and
Operations team.
• All data imported to a computer (from USB, CD, e-mail, file transfer or any downloads) should
be scanned before use.
• Employees should inform the IT Service Desk of any virus that is detected, any configuration
change, or any unusual behavior of a computer or application. The virus incident shall be logged
immediately in an ITSM ticket and assigned to the Group IT Service Desk.
• The Group IT Technology and Operations team and the IT Security and Compliance Team should
send notifications to all relevant users informing them about dangerous viruses, potential
zero-day attacks or advanced persistent threats.

4.3 Removal

• Any infected system is deemed capable of infecting or affecting other computers or the
network; the infected computer shall be immediately isolated from the network until it is
cleaned.
If the network has been infected, the Group IT Technology and Operations team shall isolate the
contaminated portion of the alfanar network from the rest of the company.
• The Group IT Technology and Operations team should take the necessary actions to contain the
virus. This may involve a visit to the work site, or resolution may take place remotely if the GIT
Service Desk agent can access the computer using screen-sharing software.
• The system should not be reconnected to the network until the Group IT Technology and
Operations team verifies that the virus has been removed. For any virus infection, antivirus
software should be used to remove the virus from the infected file, program or system.


• The antivirus software shall clean the infected files. If a file cannot be cleaned and it is
recoverable from backup, then it is deleted. If the file is not recoverable from backup, then it is
quarantined off the network.
• If the antivirus software fails to remove the virus, and all other attempts to remove it fail,
then the system should be formatted/reimaged, and all software reinstalled using clean, licensed
copies.
• The root cause of the virus attack shall be analyzed by the System Administrator, and appropriate
preventive controls shall be implemented to avoid recurrence of such attacks.

4.4 Awareness
All users and management shall be made aware by the IT Security and Compliance team of the impact
and potential damage of virus infection.
User security awareness should include the following information to ensure a clean, virus-free
system and to prevent the spread of virus infection:
• Antivirus scanning software is limited to the detection and cleaning of viruses.
• Antivirus software must be updated regularly to maintain protection from the latest viruses.
• The process for informing the GIT Service Desk of any suspected virus infection of the computer
or any application.
• It is important to immediately disconnect a computer that is infected, or thought to be infected,
from networks to reduce the risk of spreading a virus.
• Both inbound and outbound SMTP messages shall be scanned for viruses.
• Direct disk sharing with read/write access shall be avoided unless there is absolutely a business
requirement to do so. If the business so requires, share only the relevant folders (and not
entire hard disk drives), protected by strong passwords.
• Any activities with the intention to create and/or distribute malicious programs from and to
alfanar's networks (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.) are prohibited.
• Where an application conflicts with the antivirus software, the application path shall be added
to the antivirus software exclusion list with the support of the GIT team.

5. General Procedure
• The Group IT is responsible for supplying a companywide license for antivirus software. All PCs,
laptops and servers connected to the network must have up-to-date antivirus products installed
and running.


• The antivirus scanning engine and the virus pattern files shall be kept up to date. The
acceptable time frame for updating the new pattern file on all PCs, laptops and servers is within
24 hours after the release of the patch.
• The virus scanner shall be scheduled to scan for viruses at regular intervals. Virus-infected
computers shall be removed from the network as soon as they are identified, until they are
verified as virus-free.
• A central monitoring and logging console shall be deployed to monitor the status of pattern
updates on all the computers and to log the activities performed on them.
• All virus detection incidents shall be logged, along with the action taken: quarantine, deletion
or successful cleaning.
• The Group IT shall ensure that antivirus software is run at regular intervals and that computers
are verified as virus-free.
• Hoax threats can deflect attention from genuine viruses and other malicious code,
increasing susceptibility to infection. This policy shall communicate to users not to trust
virus-related hoax mail or send it to other users, but to forward it to the Group IT service
desk.
• Regular monitoring checks shall be done on users’ PCs and servers to ensure that the virus
engine versions and the definition files are up to date.
• Disabling and uninstallation of the antivirus software shall be restricted.
• User awareness of virus-free systems shall be created for all employees of alfanar.
• Users shall be informed of any new virus threats and of the impact of their computers
getting infected.
• For operating systems that have no supportable antivirus products, the GIT Tech & Ops team
shall apply all security patches.
• Employees of the company are responsible for using antivirus software to maintain a safe and
predictable working environment.
Recommended actions to prevent virus problems:

• Never open any files or macros attached to an email from an unknown, suspicious or
untrustworthy source. Delete these attachments immediately, then "double delete" them by
emptying your Trash.
• Delete spam, chain, and other junk email without forwarding.
• Never download files from unknown or suspicious sources.
• Never provide your personal information, e.g. date of birth or password, to anyone by email
(requests for this type of information are known as phishing).
• Avoid clicking on links to unknown internet sites (URLs) received from unknown sources via
email, as by connecting to these sites you may be infected by a Trojan.


• Avoid direct disk sharing with read/write access unless there is absolutely a business
requirement to do so.
• Always scan a CD, DVD, USB stick or external hard drive from an unknown source for viruses
before using it.
• Back up critical data and system configurations on a regular basis to a network drive.
• New viruses are discovered almost every day. Periodically check that your antivirus software
and definition files are up to date.

6. Subscriptions and Information on Latest Threats


It is essential that the latest information and updates on viruses, worms and other malicious
attacks are received so that appropriate action can be initiated to protect alfanar’s network,
users and business from malicious threats.
The IT Service Desk, in consultation with the Group IT Tech & Ops Manager, shall select sources
such as mailing list subscriptions, antivirus security web sites, reputable journals and suppliers,
and ensure that information on the latest threats is received well in advance. It shall also be
ensured that the information received about viruses is genuine and from trusted sources.

7. Responsibilities
The Chief Information Security Officer, with the Group IT Technology and Operations Manager, is
responsible for developing and communicating this procedure.

The responsibility for deployment, maintenance and monitoring lies with the Group IT Technical
Consultants and Service Desk Team. However, all employees and contractors shall comply with the
procedure.

8. Records
Reports generated by Antivirus server.

9. Monitoring
Group IT Technology and Operations team and IT Service Desk should monitor this process.


10. Review
10.1 Scheduled, periodic review
The procedure will be reviewed by Group IT Technology and Operations Manager along with Chief
Information Security Officer annually to ensure its completeness, effectiveness and usability.

10.2 Unscheduled review


The IT Technology and Operations Manager along with Chief Information Security Officer review
and evaluate the procedure in response to any changes affecting the basis of the original risk
assessment such as organizational changes, technological changes, significant security incidents,
new vulnerabilities, etc.

11. ISO Standard Reference


Sl. No Standard Reference

1 ISO 27001:2013 A.12.2.1: Controls against malware

2 ISO 27001:2013 A.12.2.1: Controls against malicious software

3 ISO 27001:2013 A.16.1.2: Reporting Information security events

4 ISO 27001:2013 A.16.1.3: Reporting security weakness
