Computer Malware Procedure | ITSD105

Computer Malware Procedure

The Computer Malware Procedure prevents data loss corruption or misuse of your company’s information that may occur when malware or “malicious software” is introduced into its IT network. This Computer Malware Procedure applies to all of your company’s personnel and to all computer hardware and software comprising the company’s IT network. (6 pages, 1792 words)

Computer Malware Responsibilities:

The Information Technology Security Manager is responsible for implementing malware control procedures, training LAN Administrators and other Information Systems Department personnel, training users on computer malware control, and evaluating and updating appropriate computer malware detection software.

The LAN Administrator is responsible for coordinating actions required to prevent computer malware outbreaks, coordinating all actions required to eradicate the malware, and recovering data to the greatest extent possible.

The Tech Support Manager is responsible for installing and maintaining malware protection on Information Technology assets and for cleaning malware infections from company applications, devices, etc.

Users are responsible for following the guidelines of this policy document and for immediately notifying the Information Technology Security Manager in the event a malware attack is suspected.

Computer Malware Definitions:

Malware – Short for “malicious software”, malware is designed to damage, disrupt, or abuse an individual computer or an entire network and/or steal or corrupt an organization’s most valuable and sensitive data.  Viruses, worms, and Trojan horses are examples of malware.

Spam or junk email – Unsolicited commercial email sent in bulk over the Internet. Spam puts a cost and a burden on recipients by clogging up network bandwidth, consuming disk space, and wasting employees’ time. Spam is frequently a malware vector.

Subscription service – A service whereby a software vendor offers support for its product, usually for a predetermined time period. Anti-virus vendors typically include a one-year subscription (for updates, notices, etc.) with the purchase of a product license. Many vendors offer fee-based subscription services whereby subscribers automatically receive notifications, security bulletins, etc., for a set period of time.

Target – The ultimate destination for malware; that which the malware is designed to attack. Boot sectors, hard disk drives, email servers, and departmental (HR, accounting, etc.) servers are examples of malware targets.

Vector – How malware is carried to a computer, server, or system.

Computer Malware Procedure Activities

• Planning Malware Defense
• Malware Defense Plan
• Malware Defense Review
• Malware Defense Plan Update

Computer Malware Procedure References

• ISO/IEC Standard 27002:2013- Information Technology-Code of Practice for Information Security Management
• National Institute for Standards and Technology (NIST) Draft Special Publication 800-83- Guide to Malware Incident Prevention and Handling (August 11, 2005)