Security Policy Paper (Essay Sample)

Policy Paper
Name Surname
Institution’s Name

Security policy for antivirus, spyware and adware for a medium-sized organization
Introduction
Antivirus, spyware, and adware are categories of malware. Malwares refer to types of software whose installation into a computer leads to the performance of undesired tasks. The intension for using malwares is often for the benefit of a third party. There are many malware programs, which include those that cause simple annoyances and those with the ability to cause serious computer damage through their invasion. Some of the serious damages and loses that could happen to a computer due to antivirus, spyware, and adware invasion include data loss, sharing of passwords and malfunctioning of the computer. In addition, certain malware programs are meant to transfer information regarding website activities to third parties (Vacca, 2013).
Overview
The security policy addresses antivirus, spyware, and adware in a medium-sized organization. It defines the handling of computer gadgets in the organization including how regularly computer software maintenance is expected to be performed, the manner in which computer updates are conducted, the type of programs to be installed and used on computers. The policy also defines the means by which prevention and removal of malware programs from computers is done (Aycock, 2011). It also denotes the types of files attachments to be blocked at the mail server, anti-virus and anti-spyware programs to be run on the server. The policy also specifies whether the use an anti-spam firewall is acceptable in order to offer additional security measures to the mail server (Aycock, 2011).
It also specifies the manner in which files should be availed to the trusted sites and the examination process to determine unwanted or hostile content. A virus has the ability to replicate and distribute to other programs in the computer (Aycock, 2011). It also causes damage by using up computer memory, reformatting the hard disk and deleting files. A spyware automatically gathers information from a computer and online activities and transfers it to other interested parties. Adware is financially supported or that which offers financial support to a different program through the display of ads when a computer is connected to the Internet (Aycock, 2011).
Purpose
This security policy is designed with the aim of ensuring protection of the organizational resources against interference of intrusion by viruses, spyware, adware and other malware.
Scope
This policy is applicable to all computers and servers that are connected or associated with the organization network through wireless connections, standard network connections, virtual private network connections or modem connections. The policy explicitly includes computers owned by the organization, individuals or sharing the organization’s network. The computer definition in this policy includes laptop computers, desktop workstations, handheld computing gadgets and servers (Vacca, 2013).
Policy statements
Antivirus
All servers, computer devices belonging to the organization are expected to have an installed antivirus application that is capable of providing real-time scanning and protection for applications and files. It is important for the targeted systems to comply with the following requirements (Aycock, 2011):
The availability of remote access capability to non-administrative users
A file server is possessed by the system
Microsoft Share accessibility is possible to this server through systems accessed by non-administrative users
HTTP/FTP access is accessible from the internet
Applications/Protocols can access this system from the Internet by the organization’s security administrator
Availability of outbound web access from the system
The organization is expected to use single antivirus software for protection as specified by the organizations security administrator. The minimum requirements, which should be enforced within the organization, are:
The antivirus software shall be in operation in real time on all computer devices and servers within the organization. The antivirus shall also be configured in order to offer protection on a real time basis.
The antivirus definition shall undergo updates at least on a single occasion in a day.
Antivirus scanning to the servers and computer appliances within the organization shall be performed at least once per week.
No one is allowed to stop antivirus updates process and antivirus scans process except the domain administrators.
All servers and computer appliances within the organization and belonging to the organization shall have an antivirus application installed that provides protection. The antivirus shall be used to scan files and applications used in computer systems.
Antispyware
All servers and computer devices within the organization and belonging to the organization should have an installed antispyware application that is capable of providing real-time scanning and protection to applications and files running on the targeted systems if they meet the following (Vacca, 2014):
Any system where non-administrative or non-technical users enjoy remote accessibility to the system and other outbound accessibility is allowed to the internet
Any system where non-administrative or non-technical users can do the installation of the program on their own
Notable exception to the above antispyware security standard will be granted with documentation and minimal resistance if one of the following notable situations is experienced by this system:
The system uses a SQL server
The system is meant for use in handling dedicated mail servers
The system does not use a platform based on Windows
Adware
The security policy covers other potential malware threats and issues including those associated with adware. It grants the security administrator in consultation with thee management the responsibility to determine the techniques and approaches to be used in the removal and prevention of aware. The may make specifications concerning the features and qualities of acceptable removal and prevention software (Aycock, 2011). If the antivirus or antispyware product acquired by the organization has the capability of handling other malwares such as adware, then the security administration team in consultation with the management team ...