Policy 915 - Malicious Code Policy

Section: Information Technology
Policy Number: 915
Responsible Office: Information Technology
Effective Date: 5/1/19
Revised: 5/1/19; 6/11/20

Policy Statement

The purpose of this policy is to provide information to St. John’s University’s (St. John’s) IT Department, and the entire University Community, to improve the resistance to, detection of, and recovery from the effects of malicious code. 

Malicious code describes software designed to exploit, infiltrate, or damage a computer system without the informed consent of the computer user.  It includes, but is not limited to, computer viruses, worms, trojan horses, rootkits, spyware, and adware. Malicious code is typically distributed over the Internet by e-mail or via web pages.

Scope and Applicability

This policy applies to the University Community.  Adherence to this policy helps safeguard the confidentiality, integrity, and availability of St. John’s information assets, and protects the interest of St. John’s, its customers, personnel, and business partners.

Policy

To prevent information loss due to infection by, and spread of, malicious code and to ensure continued uninterrupted services for St. John’s computers and networks, St. John’s utilizes a viable endpoint control solution.  

Any device or system that may be affected by computer virus, malware, phishing, mobile code, or email spam that connects to the St. John’s network has the standard endpoint protection solution installed and running at all times, as configured or approved by the IT Department. 

Endpoint protection is configured to automatically clean and remove an infected file or to quarantine the infected file if automatic cleaning is not possible. The software is configured to update automatically on a regular basis.  

Employees are prohibited from disabling or tampering with the installed software unless authorized to do so by the IT Department. Should there be an incident in which malicious code is detected or it is suspected that a device has been compromised, access to St. John’s resources will be removed and St. John’s will follow protective measures in accordance with the 919 - Information and Cyber Security Risk Incident and Response Policy/Standards for proper guidance in order to ensure appropriate incident response.

Definitions

The following are definitions relevant to the policy:

  • University Community: Includes faculty, administrators, staff, student workers, graduate/technical assistants, alumni, interns, guests or agents of the administration, external individuals and organizations accessing St. John’s network services, and other authorized users.
     
  • Computing Resources: All data and information, as well as the hardware, software, personnel, and processes involved with the storage, processing, and output of such information. This includes data networks, servers, PCs, storage media, printers, photocopiers, fax machines, supporting equipment, fall-back equipment, and back-up media.

  • Malicious Code: A term used to describe any code that is intended to cause undesired effects, breaches, or damage to a system. Types of malicious code include a virus, worm, Trojan horse, or other code-based malicious entity that infects a host. This type of code is not easily controlled through the use of anti-viral tools.
     
  • Virus: A program that performs an unwanted function on the infected computer. This could involve destructive actions or the collection of information that can be used by the attacker.

  • Trojan horse: A program that pretends to be legitimate code but conceals other unwanted functions. It is often disguised as a game or useful utility program.

  • Worm: A program that can copy itself onto other computers or devices without user interaction.

  • Logic bomb: Malicious code that has been set to run at a specified date and time or when certain conditions are met.

  • Rootkit: A program used to disguise malicious activities on a computer by hiding the processes and files from the user.

  • Keylogger: Code that records keystrokes entered by the user.

  • Backdoor: A program that allows unauthorized access at will to an attacker.

  • Adware: A program that automatically renders advertisements in order to generate revenue for its author.

  • Bot: An autonomous program that can interact with systems and users for malicious intent.

  • Spyware: A program that enables malicious sources to obtain information about another computer’s activity.

Compliance

St. John’s reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy. Instances of non-compliance must be presented to, reviewed, and approved by the CIO, the Director of Information Security, or the equivalent officer(s).

All breaches of information security, actual or suspected, must be reported to, and investigated by, the CIO and the Director of Information Security.

Those who violate security policies, standards, or security procedures are subject to disciplinary action up to and including loss of computer access and appropriate disciplinary actions as determined by St. John’s.

Related Policies, Standards or Regulations