Security Policy Paper - 1650 Words

Security Policy Paper (Essay Sample) Content: Policy Paper Name SurnameInstitutions Name Security policy for antivirus, spyware and adware for a medium-sized organizationIntroductionAntivirus, spyware, and adware are categories of malware. Malwares refer to types of software whose installation into a computer leads to the performance of undesired tasks. The intension for using malwares is often for the benefit of a third party. There are many malware programs, which include those that cause simple annoyances and those with the ability to cause serious computer damage through their invasion. Some of the serious damages and loses that could happen to a computer due to antivirus, spyware, and adware invasion include data loss, sharing of passwords and malfunctioning of the computer. In addition, certain malware programs are meant to transfer information regarding website activities to third parties (Vacca, 2013). OverviewThe security policy addresses antivirus, spyware, and adware in a medium-sized organization. It defines the handling of computer gadgets in the organization including how regularly computer software maintenance is expected to be performed, the manner in which computer updates are conducted, the type of programs to be installed and used on computers. The policy also defines the means by which prevention and removal of malware programs from computers is done (Aycock, 2011). It also denotes the types of files attachments to be blocked at the mail server, anti-virus and anti-spyware programs to be run on the server. The policy also specifies whether the use an anti-spam firewall is acceptable in order to offer additional security measures to the mail server (Aycock, 2011). It also specifies the manner in which files should be availed to the trusted sites and the examination process to determine unwanted or hostile content. A virus has the ability to replicate and distribute to other programs in the computer (Aycock, 2011). It also causes damage by using up computer memory, reforma tting the hard disk and deleting files. A spyware automatically gathers information from a computer and online activities and transfers it to other interested parties. Adware is financially supported or that which offers financial support to a different program through the display of ads when a computer is connected to the Internet (Aycock, 2011).PurposeThis security policy is designed with the aim of ensuring protection of the organizational resources against interference of intrusion by viruses, spyware, adware and other malware.ScopeThis policy is applicable to all computers and servers that are connected or associated with the organization network through wireless connections, standard network connections, virtual private network connections or modem connections. The policy explicitly includes computers owned by the organization, individuals or sharing the organizations network. The computer definition in this policy includes laptop computers, desktop workstations, handheld comp uting gadgets and servers (Vacca, 2013).Policy statementsAntivirusAll servers, computer devices belonging to the organization are expected to have an installed antivirus application that is capable of providing real-time scanning and protection for applications and files. It is important for the targeted systems to comply with the following requirements (Aycock, 2011):The availability of remote access capability to non-administrative usersA file server is possessed by the systemMicrosoft Share accessibility is possible to this server through systems accessed by non-administrative usersHTTP/FTP access is accessible from the internetApplications/Protocols can access this system from the Internet by the organizations security administratorAvailability of outbound web access from the systemThe organization is expected to use single antivirus software for protection as specified by the organizations security administrator. The minimum requirements, which should be enforced within the org anization, are:The antivirus software shall be in operation in real time on all computer devices and servers within the organization. The antivirus shall also be configured in order to offer protection on a real time basis.The antivirus definition shall undergo updates at least on a single occasion in a day.Antivirus scanning to the servers and computer appliances within the organization shall be performed at least once per week. No one is allowed to stop antivirus updates process and antivirus scans process except the domain administrators.All servers and computer appliances within the organization and belonging to the organization shall have an antivirus application installed that provides protection. The antivirus shall be used to scan files and applications used in computer systems. AntispywareAll servers and computer devices within the organization and belonging to the organization should have an installed antispyware application that is capable of providing real-time scanning and protection to applications and files running on the targeted systems if they meet the following (Vacca, 2014):Any system where non-administrative or non-technical users enjoy remote accessibility to the system and other outbound accessibility is allowed to the internetAny system where non-administrative or non-technical users can do the installation of the program on their ownNotable exception to the above antispyware security standard will be granted with documentation and minimal resistance if one of the following notable situations is experienced by this system:The system uses a SQL serverThe system is meant for use in handling dedicated mail serversThe system does not use a platform based on Windows AdwareThe security policy covers other potential malware threats and issues including those associated with adware. It grants the security administrator in consultation with thee management the responsibility to determine the techniques and approaches to be used in the removal a nd prevention of aware. The may make specifications concerning the features and qualities of acceptable removal and prevention software (Aycock, 2011). If the antivirus or antispyware product acquired by the organization has the capability of handling other malwares such as adware, then the security administration team in consultation with the management team ...