Policy 915 - Malicious Code Policy

Section: Information Technology
Policy Number: 915
Responsible Office: Information Technology
Effective Date: 5/1/19
Revised: 5/1/19; 6/11/20; 5/23/22

Policy Statement

The purpose of this policy is to provide information to St. John’s University’s (St. John’s) Office of Information Technology (IT) and the entire University community to improve the resistance to, detection of, and recovery from the effects of malicious code.

Malicious code describes software designed to exploit, infiltrate, or damage a computer system without the informed consent of the computer user. It includes, but is not limited to, computer viruses, worms, Trojan horses, rootkits, spyware, and adware. Malicious code is typically distributed over the internet by email or via web pages.

Scope and Applicability

This policy applies to the University community. Adherence to this policy helps safeguard the confidentiality, integrity, and availability of St. John’s information assets, and protects the interest of St. John’s, its customers, personnel, and business partners.

Policy

To prevent information loss due to infection by, and spread of, malicious code, and to ensure continued uninterrupted services for St. John’s computers and networks, the University utilizes a viable endpoint control solution. 

Any device or system that may be affected by computer virus, malware, phishing, mobile code, or email spam that connects to the St. John’s network has the standard endpoint protection solution installed and running at all times, as configured or approved by IT.

Endpoint protection is configured to automatically clean and remove an infected file or to quarantine the infected file if automatic cleaning is not possible. The software is configured to update automatically on a regular basis. 

Employees are prohibited from disabling or tampering with the installed software unless authorized to do so by the Office of IT. Should there be an incident in which malicious code is detected, or it is suspected that a device has been compromised, access to St. John’s resources will be removed and St. John’s will follow protective measures in accordance with the 919 – Information and Cyber Security Risk Incident and Response Policy/Standards for proper guidance in order to ensure appropriate incident response.

Definitions

The following are definitions relevant to the policy:  

  • University community: Includes faculty, administrators, staff, student workers, graduate/technical assistants, alumni, interns, guests, or agents of the administration, external individuals, and organizations accessing St. John’s network services, and other authorized users
     
  • Computing Resources: This includes all data and information, as well as the hardware, software, personnel, and processes involved with the storage, processing, and output of such information. It includes data networks, servers, PCs, storage media, printers, photocopiers, fax machines, supporting equipment, fallback equipment, and back-up media.
     
  • Malicious Code: This is a term used to describe any code that is intended to cause undesired effects, breaches, or damage to a system. Types of malicious codes include a virus, worm, Trojan horse, or other code-based malicious entity that infects a host. This type of code is not easily controlled through the use of antiviral tools.
     
  • Virus: A virus is a program that performs an unwanted function on the infected computer. This could involve destructive actions or the collection of information that can be used by the attacker. 
     
  • Trojan horse: This is a program that pretends to be legitimate code but conceals other unwanted functions. It is often disguised as a game or useful utility program. 
     
  • Worm: A program that can copy itself onto other computers or devices without user interaction 
     
  • Logic bomb: A malicious code that has been set to run at a specified date and time or when certain conditions are met 
     
  • Rootkit: A program used to disguise malicious activities on a computer by hiding the processes and files from the user 
     
  • Keylogger: A code that records keystrokes entered by the user 
     
  • Backdoor: A program that allows unauthorized access at will to an attacker
     
  • Adware: A program that automatically renders advertisements in order to generate revenue for its author 
     
  • Bot: An autonomous program that can interact with systems and users for malicious intent
     
  • Spyware: A program that enables malicious sources to obtain information about another computer’s activity

Compliance

St. John’s reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy. Instances of noncompliance must be presented to be reviewed and approved by the Chief Information Officer (CIO), the Director of Information Security, or the equivalent officer(s).

All breaches of information security, actual or suspected, must be reported to and investigated by the CIO and the Director of Information Security.

Those who violate security policies, standards, or security procedures are subject to disciplinary action up to and including loss of computer access and appropriate disciplinary actions as determined by St. John’s.

Related Policies, Standards, or Regulations