Malicious Code Protection Standards and Procedures

 

Overview:

The Office of Information Technology directs the establishment of malicious code protection in order to proactively prevent the exploitation of devices and potential loss of sensitive data. The Office of Information Technology will create and document systematic and accountable practices to prevent malicious code. The goals of this effort are to implement stronger protection for the Office of Information Technology resources, ensure compliance with best practices, and reduce the impact of threats to TSTC and its constituents.

Purpose: 

This document establishes an outline of the procedures for detecting and preventing malicious code execution on the TSTC network. The purpose of preventing malicious code execution is to manage risks that may impact Texas State Technical College (TSTC) from malware, viruses, and other cyber attacks. This entails continuous monitoring of university information assets through the establishment of an effective security planning program.

Scope:

This procedure applies to all TSTC systems with or without Internet access throughout the network and on all workstations, servers, and mobile computing devices on the network.

All users are responsible for adhering to this procedure. If needed or appropriate, information regarding roles, responsibilities, management commitment, and coordination among organizational entities is embedded within these procedures.

Procedure: 

  • TSTC shall employ virus protection mechanisms to detect and eradicate malicious code (e.g., viruses, worms, Trojan horses) at critical points throughout the network and on all workstations, servers, and mobile computing devices on the network.
  • TSTC shall ensure malicious code protection is enabled on all of the critical points and information systems, and that resident scanning is employed.
  • TSTC shall implement malicious code protection mechanisms at critical information system entry points (e.g., firewalls, electronic mail servers, remote-access servers).


 

Operational Procedures:

TSTC will perform antivirus scans of TSTC computing resources on a continual basis, or when an incident potentially affecting the computing resource is identified and reported.

Procedures for Detecting Malicious Code:

  1. All TSTC computing resources must have the approved standard antivirus/active web monitoring software installed. 

  2. Run the current version and install antivirus software updates as they become available.

  3. Antivirus software is to be enabled on all workstations and servers.

  4. On servers, update virus signature files immediately, or as soon as possible, with each new release.

  5. Users must NEVER open any files or macros attached to an email from an unknown, suspicious, or untrustworthy source. Delete these attachments immediately, then “double delete” them by emptying your trash.

  6. Delete spam, chain, and other junk email without forwarding.

  7. Never download files from unknown or suspicious sources.

  8. Avoid direct disk-sharing with read/write access unless there is absolutely an agency requirement to do so.

  9. Always scan any portable media (flash drives, CDs, external hard drives, etc.) that is brought into the agency before introducing it to the network.

Definitions and Terms

Malicious Code

Unwanted files or programs that can cause harm to a computer or compromise data stored on a computer. Various classifications of malicious code include viruses, worms, and Trojan horses.

Antivirus

A program designed to detect and remove or destroy computer viruses and other kinds of malicious software from a computing resource.

Risk

The possibility of a malicious attack or other threat causing damage or downtime to a computer system.

Information Resource

Any computer printouts, online display devices, magnetic storage media, and all computer-related activities involving any device capable of receiving email, browsing websites, or otherwise capable of receiving, storing, managing, or transmitting electronic data including, but not limited to, mainframes, servers, personal computers, notebook computers, hand-held computers, personal digital assistants (PDAs), pagers, distributed processing systems, network-attached and computer-controlled medical and laboratory equipment (i.e., embedded technology), virtual reality platforms, telecommunication resources, network environments, telephones, fax machines, printers and service bureaus and the procedures, virtual reality systems, equipment, facilities, software, and data that are designed, built, operated, and maintained to create, collect, record, process, store, retrieve, display, and transmit information on those resources.