Effective Date: 2017-02-01
Last Reviewed: –
Owner: IST Austria IT
|1.0||February 2017||Initial Version, introduced with new Viruscan (ESET)||Stephan Stadlbauer|
|1.1||October 2017||Version copied to IT page, removed chapter “Document action”
added Document header.
|Stephan Stadlbauer||Head of IT||2017-02-01|
This policy is designed to help prevent infection of IST Austria computers, networks, and technology systems by computer viruses and other malicious code. This policy is intended to help prevent damage to user applications, data, files, and hardware.
All faculty, staff, students; as well as vendors, contractors, partners, collaborators and any others doing business or research with the institute that involves access to IST Austria computers, networks and/or technology systems, will be subject to the provisions of this policy. Any other parties, who use, work on, or provide services involving IST Austria computers, networks, and technology systems will also be subject to the provisions of this policy.
- All computer devices connected to the Institute of Science and Technology Austria network or networked resources shall have anti-virus software installed and configured so that the virus definition files are current, routinely and automatically updated. The anti-virus software must be actively running on these devices.
- All computers owned by the Institute and used by faculty and staff must have the most recent version of anti-virus provided by IST Austria IT installed.
- All Windows PC’s are to be configured such, that they schedule regular operating system updates as provided by the vendor (Windows updates).
- Macintosh systems are to be configured to schedule regular updates from the software manufacturer (Apple security updates).
- Linux systems are to be configured to schedule regular updates from the distribution.
- All files on computer devices will be scanned periodically for viruses.
- If deemed necessary to prevent propagation to other networked devices or detrimental effects to the network or data, an infected computer device may be disconnected from the Institute network until the infection has been removed.
- Exceptions to this policy may be allowed if a computer device cannot have anti-virus software installed. Possible examples of this would be vendor-controlled systems, or devices where anti-virus software has not yet been developed. In these cases, special networks will be used, which protect the device from infection.
- An exception may be granted if an infected computer device is discovered that performs a critical function and may not be immediately taken off-line without seriously impairing some critical business function. Under those circumstances, a plan will be developed to allow the computer device to be taken off-line and the infection purged while protecting the function of the device.
IST Austria IT provides eset Endpoint Antivirus anti-virus/anti-malware software for IST Austria owned devices free of charge.
For own devices, Microsoft Security Essentials (Microsoft Defender on Windows 10) is available for the Windows environment and ClamXav is available for the MacOS environment. Both are available as free downloads.
- When infected computers are discovered through routine scanning processes, or reported to IT Support, managers, or owners, will be given until 5 p.m. that day to correct the problem or remove the computer from the network. IST Austria IT will remove network access if the problem has not been corrected, and reserves the right to remove any infected computer at any time should security of IST Austria data or networks be compromised.
- Any person found to have violated this policy will be subject to appropriate disciplinary action as defined by current Institute of Science and Technology Austria policy and/or collective bargaining agreements. This policy will not supersede any IST Austria developed policies but may introduce more stringent requirements than the Institute policy.
Note: These rules and requirements may be amended at any time by IST Austria IT consistent with current collective bargaining agreements, Institute policies, and applicable law. Changes will be reviewed by appropriate IST Austria entities prior to posting.