6.11 CONTROLS AGAINST MALICIOUS SOFTWARE
Effective: August 15, 2024
Purpose: Emporia State University is committed to maintaining the confidentiality, integrity, and accessibility of the information assets it owns or controls. Malicious software, also known as malware, poses a threat to University information systems by taking up bandwidth making normal network communications difficult, destroying critical data, or making it easy for unauthorized access to our resources. The risks to the University’s information can be greatly reduced if all workstations have active, up-to-date anti-malware and operating system software.
This policy is established to ensure that computing devices within the University network environment are protected from malware to the best of our ability.
Scope: This policy applies to all wired and wireless workstations and servers connecting to the University network.
Responsible Office: Information Technology
Policy Statement: It is the responsibility of each user to ensure that the workstation they are using has an approved copy of anti-malware software installed and running with automatic updates enabled.
It is the responsibility of IT staff to provide a licensed copy of approved anti-Malware software to each University-owned and maintained workstation, to provide a means whereby students can obtain a licensed copy of anti-malware software, and to periodically audit for compliance with this policy.
Students who do not own approved anti-malware software should obtain a licensed copy.
The Information Security Officer is responsible for monitoring and reporting compliance with this policy and for reviewing this policy on an annual basis.
All workstations and servers connecting to the University network environment must have approved anti-malware software installed and running. Malware definitions for that software must be updated weekly or as directed by IT staff. Procedures for obtaining approved software and for updating anti-malware definitions can be found in the Controls Against Malicious Software Standards.
Workstations found to be out of compliance with this policy may be blocked from the network until such time as they become compliant.
The President or designee must approve any exceptions to this policy.
Definitions: All words and phrases shall be interpreted utilizing their plain meanings unless otherwise defined in another University or Board of Regents policy or by statute or regulation.
Procedures: All procedures linked and related to the policies above shall have the full force and effect of policy if said procedures have first been properly approved by the University’s administrator in charge of Information Technology.
[Information Technology procedures - coming soon]
Related Policy Information: [coming soon]