
Information Security Standards

MALICIOUS CODE

GENERAL

University information resources are strategic assets which, as property of the State of Texas, must be managed as valuable state resources. The integrity and continued operation of University information resources are critical to the operation of the University. Malicious code can disrupt normal operation of University information resources. This procedure is intended to provide information to University information resource administrators and users to improve the resistance to, detection of, and recovery from the effects of malicious code.

APPLICABILITY

This procedure applies to all University network information resources. The purpose of the implementation of this procedure is to provide a set of measures that will mitigate information security risks associated with Malicious Code. The intended audience for this procedure includes all owners, managers, system administrators, and users of University information resources.

PROCEDURES

PREVENTION AND DETECTION

1. For each computer connected to the University network, security updates from the manufacturer of the appropriate operating system and/or application software must be kept current (e.g., patched and updated).

2. Where feasible, host-based firewall software or hardware shall be installed to aid in the prevention of malicious code attacks/infections.

3. Email attachments and shared files of unknown integrity shall be scanned for malicious code before they are opened or accessed. This process should be automated and transparent to the user when possible.

4. External media and other storage devices will be scanned for malicious code before accessing any data on the media.

5. Software to safeguard against malicious code (e.g., antivirus, anti-spyware, etc.) shall be installed and functioning on susceptible information resources that have access to the University network.

6. Software safeguarding information resources against malicious code should be configured so that it cannot be disabled or bypassed by end-users.

7. The settings for software that protects information resources against malicious code should not be altered in a manner that will reduce the effectiveness of the software.

8. The automatic update frequency of software that safeguards against malicious code shall not be disabled, altered or bypassed by end-users to reduce the frequency of updates.

RESPONSE AND RECOVERY

1. All reasonable efforts shall be made to contain the effects of any system that is infected with a virus or other malicious code. This may include disconnecting systems from the network or disabling email accounts.

2. If malicious code is discovered, or believed to exist, an attempt should be made to remove or quarantine the malicious code using current antivirus or other control software.

3. If malicious code cannot be automatically quarantined or removed by antivirus software, the system shall be disconnected from the network to prevent further possible propagation of the malicious code or other harmful impact. The presence of the malicious code shall be reported to Information Technology, so that appropriate actions may be taken to remove the malicious code and protect other systems.

4. Personnel responding to the incident should have or be given the necessary access privileges and authority to effect the necessary measures to contain/remove the infection.

5. If possible, identify the source of the infection and the type of infection to prevent recurrence.

6. Any removable media (including diskettes, writable CD/DVDs, external storage devices, etc.) recently used on an infected machine shall be scanned prior to opening and/or executing any files contained therein.

7. Information Technology personnel should thoroughly document the incident, noting the source of the malicious code (if possible), resources impacted, and damage or disruption to information resources, and follow the University Information Security Standard Administrative Procedure for Incident Management to report the incident.

RELATED STATUTES, POLICIES, AND REQUIREMENTS

University Information Security Standard Administrative Procedure for Incident Management

HISTORY

Last Updated March 31, 2014
