- What Is a Security Incident?
- Incident Response Protocol
- Data Breach Notification
- Copyright Complaint
Computer viruses (including trojans, worms, etc.) represent a substantial risk to the University community in terms of time, money, and potential data loss. The sophistication, damage, and speed of propagation have been increasing over time.
To protect against the spread of these viruses on University computers and reduce institutional risk, the University advisory committee has recommended and the Chief Information Officer has approved a "two-tier" anti-virus standard. Two-tier protection means that anti-virus software is used on both the desktop and server systems. This is a common practice for protecting information technology resources on large complex networks and provides a layer of protection beyond that of the basic security requirement of regularly updating and patching the computer system.
Desktop and personal computers, including laptop computers, connected to the University network are required to maintain and use an up-to-date version of anti-virus software (or virus filtering software for Unix desktops) configured according to relevant standards.
The most common desktop operating systems at the University are various versions of Microsoft Windows and Apple Macintosh. Desktop computers should use anti-virus software even if they don't use e-mail on the computer. Although e-mail is a common source of virus infection, it is not the only one; network and web page propagation have also been used by recent viruses.
Computers used to control or report results from instrumentation (such as research instrument controllers) and some proprietary uses of desktop computers present unique challenges. If, for some reason anti-virus protection is not feasible, other risk mitigation alternatives (in addition to routine system patching) are required such as the removal of e-mail and other services and use of a software firewall. In some cases, removal of the computer from the University network may be the best alternative to mitigate the risk.
E-mail servers are required to maintain and use an up-to-date version of anti-virus software configured according to relevant standards. Because they send and receive e-mail for multiple users that potentially contains viruses capable of infecting others, these servers represent a significant risk.
For servers other than those used as e-mail servers, use of anti-virus software is highly recommended whenever feasible. In some cases use of anti-virus software on these other servers may not be appropriate. However, if e-mail is hosted on a multi-purpose server, anti-virus or virus filtering software on the server is required.
The Office of Information Technology (OIT) offers free, centrally-funded e-mail accounts to students, staff, and faculty that are protected by anti-virus software. Unless there is a compelling requirement not met by the central e-mail service, this is the recommended e-mail server service in lieu of departmental servers.
For the desktop, OIT has purchased a site license for commercial desktop anti-virus software for many common computing platforms. This licensed software is available free of charge to all staff and faculty on all campuses of the University. When installed and properly configured, this product provides significant protection against viruses. See the required configuration in the Basic Security for Computers and Other Electronic Devices Procedure.