Old Dominion University
Information Technology Standard
05.4.0 Virus & Malicious Code Protection Standard
| Date of Current Revision or Creation: | November 1, 2021 |
The purpose of an Information Technology Standard is to specify requirements for compliance with Old Dominion University Information Technology policies, other University policies, as well as applicable laws and regulations. Standards may include business principles, best practices, technical standards, migration and implementation strategies, that direct the design, deployment and management of information technology.
-
Purpose
The purpose of this standard is to define the requirements to protect and defend the Old Dominion University network from the spread of a computer virus or other unintended or malicious destruction.
-
Definitions
Endpoint Protection - Software intended for the protection of laptop and desktop resources both on and off-campus that is licensed by ODU for use by faculty and staff computers.
Data Users/Users - Individuals and organizations that access institutional data and information in order to perform their assigned duties or to fulfill their role in the University community.
Malicious Code - the term used for any code in any part of a software system or script that is intended to cause undesired effects, security breaches, or damage to a system. Malicious code can include attack scripts, viruses, worms, Trojan horses, backdoors, and malicious active content.
-
Standards Statement
Malicious Code Protection
Users will not willfully introduce virus-infected media or other foreign materials into any University systems without proper authorization and without using up-to-date, approved virus-scanning software.
Advanced endpoint protection will be used on ITS-managed desktops, laptops, and servers. All devices connected to the network, including off-campus computers, should have some form of anti-virus, endpoint protection, or be configured according to best practice for the operating system. Personally owned devices are also subject to compliance when connected to the ODU network.
Information Technology Services will monitor network activity and take appropriate action to control infection. Any server or client known to be an infecting agent will be disconnected and the user notified immediately. The user or department will be responsible for bringing the device into compliance.
Malicious Code Protection
Users will not intentionally develop or experiment with malicious programs and are prohibited from knowingly propagating malicious programs including opening attachments from unknown sources.
ODU will provide malicious program detection, protection, eradication, logging, and reporting capabilities for IT systems and users. Malicious program protection should remove or quarantine malicious programs that it detects; provide alert notifications; protect memory and storage devices; protect against files retrieved through a network connection or from an input storage device; allow only authorized personnel to modify program settings; monitor activity, maintain logs of protection activities, or some combination of these.
Disciplinary Action
Users who willfully disregard this Standard are subject to disciplinary actions as provided for in other organizational employment and human resources policies.
-
Procedures, Guidelines & Other Related Information
Federal and State Law
University Policy 3500 Policy on the Use of Computing Resources
-
History
Date
Responsible Party
Action
October 2009
ITAC/CIO
Reaffirmed
October 2010
ITAC/CIO
Reaffirmed
October 2011
ITAC/CIO
Reaffirmed
October 2012
ITAC/CIO
Reaffirmed
December 2012
ITAC/CIO
Merged Virus Protection and Malicious Code Protection Standards
Numbering revision
August 2013
IT Policy Office
Departmental name update
August 2015 IT Policy Office/ISO Three year review; links and terminology updated. December 2018 IT Policy Office Definitions and links checked November 2021 IT Policy Office Definitions and links checked