Malware defense policy

Purpose

Malware defence includes the configuration, maintenance, detection, reporting, and remediation of anti-malware software and the malware it identifies. The Malware Defence Policy provides the processes and procedures to accomplish those tasks. This policy applies to all Faculties and Directorates and all assets connected to the enterprise network.

Responsibility

The Digital and Technology Services (DTS) directorate is primarily responsible for malware defence.  DTS is responsible for informing all users of their responsibilities in the use of any assets assigned to them. All enterprise assets are required to comply with the malware defence policy and procedures. 

Users are responsible for connecting their devices to the enterprise network, regularly applying malware signature updates, and restarting their devices as appropriate. 

It is the user’s responsibility to read and understand this policy and to conduct their activities in accordance with its terms. Users who find the policy statements to be unclear are encouraged to reach out to Digital and Technology Services (DTS) (https://www.dundee.ac.uk/it) to clarify ambiguities.

Exceptions

Exceptions to this policy must be requested in writing and approved by your manager. This must contain: 

• The reason for the request, 
• Risk to the University of not following the written policy, 
• Specific mitigations that will not be implemented, 
• Technical and other difficulties, and 
• Date of review. 

All exceptions must be requested to DTS via the University Service Desk Self-Service Portal: https://help4u.dundee.ac.uk. 

Policy

Configuration

1. DTS must install anti-malware software on all enterprise assets where appropriate. 
2. Users must not disable anti-malware software on their enterprise assets 
3. Users must not modify the update frequency configured and specified as part of the Secure Configuration Management Policy. 

Update

1. Anti-malware software must be configured to automatically update. 
2. DTS must ensure that anti-malware signatures are kept up to date as they become available via an automatic update process.
3. Operating systems must be configured to automatically update, unless an alternative approved patching process is used. 

Detection 

1. DTS must ensure that anti-malware software is properly functioning on all enterprise assets. 

Reporting 

1. All confirmed critical and high severity alerts must be reported to the system owner. 
2. The presence of unauthorised software must be properly investigated. 

Remediation 

1. Identified malware must be removed from enterprise assets. 
2. Unauthorised software must be removed from use on enterprise assets or receive a documented exception. 
3. All exceptions must be noted in the software inventory. 
4. All exceptions must be noted in the exception register. 

Reporting Violations 

1. Security incidents must be reported immediately to the University Service Desk Self-Service Portal https://help4u.dundee.ac.uk. 
2. Users are responsible for understanding and complying with this policy. 
3. University DTS Department is responsible for enforcing controls and monitoring compliance. 
4. Violations may result in suspension or termination of access, disciplinary action under institutional procedures or legal action where applicable. 

Review and Updates

This policy will be reviewed annually by the University and updated as necessary to reflect changes in technology, legislation, or institutional priorities.