Policy 915 - Malicious Code Policy

Section: Information Technology
Policy Number: 915
Responsible Office: Information Technology
Effective Date: 5/1/19
Revised: 5/1/19

Policy Statement

The purpose of this policy is to provide information to St. John’s University’s (St. John’s) IT Department, and the entire University Community, to improve the resistance to, detection of, and recovery from the effects of malicious code. 

Malicious code describes software designed to exploit, infiltrate or damage a computer system without the informed consent of the computer user.  It includes, but is not limited to, computer viruses, worms, trojan horses, rootkits, spyware and adware. Malicious code is typically distributed over the Internet by e-mail or via web pages.

Scope and Applicability

This policy applies to the University Community. Adherence to this policy helps safeguard the confidentiality, integrity and availability of the University’s information assets, and protects the interest of the University, its customers, personnel and business partners.

Policy

In order to prevent information loss due to infection by, and spread of, malicious code and to ensure continued uninterrupted services for St. John’s computers and networks, St. John’s utilizes a viable end point control solution.  

Any device or system that may be affected by computer virus, malware, phishing, mobile code, or email spam that connects to the St. John’s network has the standard end-point protection solution installed and running at all times, as configured or approved by the IT Department. 

Endpoint protection is configured to automatically clean and remove an infected file or to quarantine the infected file if automatic cleaning is not possible. The software is configured to update itself automatically on a regular basis.  

Employees are prohibited from disabling or tampering with the installed software unless authorized to do so by the IT Department. Should there be an incident where a device is detected or suspected to be compromised, access to University resources is removed and St. John’s follows protective measures in accordance with the 923 Information and Cyber Security Risk Incident and Response Policy/Standards for proper guidance to appropriate incident responses.

Definitions

The following are definitions relevant to the policy:

  • University Community: Includes faculty, administrators, staff, student workers, graduate/technical assistants, alumni, interns, guests or agents of the administration, external individuals and organizations accessing University network services, and other authorized users.
     
  • Computing Resources: All data and information, as well as the hardware, software, personnel and processes involved with the storage, processing and output of such information. This includes data networks, servers, PCs, storage media, printers, photocopiers, fax machines, supporting equipment, fall-back equipment and back-up media.
     
  • Malicious Code: A term used to describe any code that is intended to cause undesired effects, breaches or damage to a system. Types of malicious codes include a virus, worm, Trojan horse, or other code-based malicious entity that infects a host. This type of code is not easily controlled through the use of anti-viral tools.
     
  • Virus: A program that performs an unwanted function on the infected computer. This could involve destructive actions or the collection of information that can be used by the attacker.
     
  • Trojan: A program that pretends to be legitimate code, but conceals other unwanted functions. It is often disguised as a game or useful utility program.
     
  • Worm: A program that is capable of copying itself onto other computers or devices without user interaction.
     
  • Logic bomb: A malicious code that has been set to run at a specified date and time or when certain conditions are met.
     
  • Rootkit: A program used to disguise malicious activities on a computer by hiding the processes and files from the user.
     
  • Keylogger: A code that records keystrokes entered by the user. 
     
  • Backdoor: A program that allows unauthorized access at will to an attacker.
     
  • Adware: A program that automatically renders advertisements in order to generate revenue for its author.
     
  • Bot: An autonomous program that can interact with systems and users for malicious intent.
     
  • Spyware: A program that enables malicious sources to obtain information about another computer’s activity.

Compliance

The University reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy. Instances of non-compliance must be presented to and reviewed and approved by the CIO, the Director of Information Security, or the equivalent officer(s).

All breaches of information security, actual or suspected, must be reported to, and investigated by the CIO and the Director of Information Security. 

Those who violate security policies, standards, or security procedures are subject to disciplinary action up to and including loss of computer access and appropriate disciplinary actions as determined by the University.

Related Policies, Standards or Regulations

  • 919 Information and Cyber-Security Risk Incident Response Policy