Issue/Question
What is the USD IT security policy on Malware Defenses?
Environment
Cause
Protect against cybersecurity threats, establish cybersecurity norms, enhance cybersecurity maturity
Resolution
Malware Defenses
Policy Statement: The University acknowledges the critical importance of implementing robust malware defenses to protect its information systems and data against malicious software threats. This policy establishes guidelines for the deployment and management of malware defenses to detect, prevent, and mitigate malware infections within the University's IT environment.
Policy Implementation:
-
Endpoint Protection:
- The University will deploy endpoint protection solutions, such as antivirus software, anti-malware scanners, and host-based intrusion prevention systems (HIPS), on all endpoints, including desktops, laptops, servers.
- Endpoint Detection and Response software needs to be installed on all systems. Windows, Linux, and MAC.
- Endpoint protection solutions will be regularly updated with the latest malware signatures and threat intelligence feeds to ensure effective detection and mitigation of malware threats.
-
Email Security:
- Email security measures, including spam filtering, antivirus scanning, and attachment sandboxing, will be implemented to detect and block malware-laden emails before they reach users' inboxes.
- Advanced threat protection mechanisms, such as URL rewriting and domain-based authentication, will be employed to mitigate phishing attacks and prevent the delivery of malicious email content.
-
Web Filtering and Content Security:
- Web filtering solutions will be deployed to block access to known malicious websites and prevent users from downloading malware-infected files or accessing malicious content.
- Content security policies will be enforced to restrict the execution of potentially dangerous scripts and prevent drive-by downloads through web browsers.
- Endpoint based, DNS based, and cloud based security will be enabled to block malicious entities including applications that are deemed high risk.
-
Network-Based Defenses:
- Network-based malware defenses, including intrusion detection and prevention systems (IDS/IPS), next-generation firewalls (NGFW), and network-based antivirus scanners, will be deployed to monitor and filter network traffic for signs of malware activity.
- Network security controls will be configured to block known malware signatures, suspicious network behavior, and command-and-control communications associated with malware infections.
-
User Education and Awareness:
- The University will provide regular cybersecurity awareness training to educate users about common malware threats, including phishing, ransomware, and social engineering attacks.
- Training materials and resources will be made available to users to promote safe computing practices, such as avoiding suspicious links, not downloading unknown attachments, and reporting suspected malware incidents promptly.
Compliance and Enforcement: Non-compliance with this policy may result in disciplinary action, including but not limited to loss of access privileges, fines, or termination of employment. All members of the University community are responsible for adhering to this policy and actively participating in malware defense measures.
Policy Review: This policy will be reviewed annually to ensure alignment with emerging threats, changes in technology, and regulatory requirements. Updates will be made as necessary to maintain the effectiveness and relevance of malware defense measures.
This policy provides a comprehensive framework for implementing CIS Control 10 within the University environment, focusing on deploying and managing malware defenses to protect against malicious software threats and safeguard University information systems and data.
Please contact the Service Desk if you need further assistance