Malware Protection 6021

I. PURPOSE

The purpose of this policy is to protect Longwood University information technology resources and systems from the introduction of malware.

II. DEFINITION

Malware: Malware, short for malicious software, is any software designed to damage, disrupt, harm or compromise any computer, server or network. Viruses, worms, trojans, rootkits, bots, and spyware are all various forms of malware.

III. POLICY

All Longwood users and information technology resources and systems must operate in a way that protects against malware.

  1. Prevention of malware:
    1. Users should not intentionally develop or experiment with malware on the University's network.
    2. Users should not intentionally spread malware on the University's network by:
      1. Failing to run and maintain malware protection software.
      2. Improperly using operating systems and/or software updates.
      3. Arbitrarily opening e-mails, specifically:
        1. opening e-mail attachments within said e-mails.
        2. clicking on links within said e-mails.
        3. responding to said e-mails with requested personal information (phishing emails).
      4. Arbitrarily opening files contained on portable media.
      5. Failing to validate links ("hover over") when navigating the internet.
    3. Due to possible software vulnerabilities, users should not install software on University managed computing devices unless prior authorization is granted by the Information Security Officer (ISO) or his or her designee.
  2. Deployment of Malware Protection:
    1. All University managed computing devices, whether connected to the University network or standalone:
      1. must utilize Information and Instructional Technology Services (IITS) approved malware protection software and configuration.
      2. must maintain malware protection software and configuration such that the software is not removed, disabled, bypassed or altered in a manner that will reduce the effectiveness of the protection.
    2. All non-University computing devices, while connected to the University network, must utilize adequate malware protection software.
    3. All e-mail sent and received by the University's mail system will be examined for malicious code.
  3. Exceptions and Exemptions:
    Exceptions to or exemptions from any provision of this policy must be approved in writing by the Chief Information Officer (CIO) or his or her designee.

IV. ENFORCEMENT

The University regards any violation of this policy as a serious offense. Violators of this policy are subject to disciplinary action, in addition to possible cancellation of IT resources and systems access privileges. Users of IT resources and systems at Longwood are subject to all applicable local, state and federal statutes. This policy does not preclude prosecution of criminal and civil cases under relevant local, state, federal and international laws and regulations.

Approved by the Board of Visitors, April 1, 2005.
Approved by the Board of Visitors, December 7, 2007.
Revised and approved by the Board of Visitors, March 27, 2009.
Revised and approved by the Board of Visitors, September 14, 2012.