
Virus/malware protection standard

Purpose

The Office of Information Technology (OIT) is strongly committed to providing OHIO users with a safe and stable computing environment. To ensure the security and integrity of university information and information technology resources, malicious software such as viruses, worms, trojans, etc. (“MALWARE”) must be actively guarded against, eradicated, or quarantined. Antivirus/malware software works to detect, block, and remove computer viruses and other malicious software.

Scope

This standard applies to all faculty, staff, students, and third parties which do business with the university.

Standard

  • All devices which are used for collecting, creating, storing, processing, or distributing university data must have the most recent version of OIT-approved antivirus/malware software.
  • The antivirus software must be active, be scheduled to perform virus checks on all files at regular intervals, and have its virus definition files kept up to date.
  • If a user suspects that a computer contains sensitive information and is infected with malware, it must be reported to the OIT Contact Center.
  • Approved software:

Definitions

Malware: the general term covering all the different types of threats to your computer safety, such as viruses, spyware, worms, trojans, rootkits, and so on.

Anti-virus software: computer software used to prevent, detect and remove malicious software.

Removable storage devices: any type of storage device that can be removed from a computer while the system is running, making it easy for a user to move data from one computer to another. Examples include CDs, DVDs and Blu-Ray disks, diskettes and USB drives.

University data: the general term used to refer to data created, stored, or processed in the course of conducting university business and subject to the university’s Data Classification Policy 93.001. Examples include, but are not limited to, grade, enrollment, financial, or human resources data. Additional information can be found by reviewing the Information Security Office’s Data Classification Table.

References

  • Policy 93.001 Data Classification
  • Policy 91.005 Information Security
  • NIST 800 Series Publications

Exceptions

All exceptions to this standard must be formally documented with the ISO prior to approval by the Information Security Governance Committee (ISGC). Standard exceptions will be reviewed and renewed on a periodic basis by the ISO.

Request an exception:

Complete: Exception request form.

Governance

This standard will be reviewed and approved by the university Information Security Governance Committee as deemed appropriate based on fluctuations in the technology landscape, and/or changes to established regulatory requirement mandates.

Reviewers

The reviewers of this standard are the members of the Information Security Governance Committee representing the following University stakeholder groups:

  • Information Technology: Ed Carter (Chair)
  • Human Resources: Michael Courtney
  • Faculty: Hans Kruse
  • Faculty: Brian McCarthy
  • Finance and Administration: Julie Allison
  • Associate Dean: Shawn Ostermann
  • Regional Higher Education: Larry Tumblin
  • Research and Sponsored Programs: Maureen Valentine
  • Enterprise Risk Management and Insurance: Larry Wines

History

Draft versions of this policy were circulated for review and approved on 02/03/2022.