Ajman
Information Security Management System
Antivirus Policy
Version 1.8
Approved by:
Abdulltatif Galadari <date of approval>
Information Technology Director
Document review and approval
Revision history
Version Author Date Revision
1.0 Neha Vyas 30th May 2014 Document Created
1.1 Somaya AlWejdani 23rd June 2014 Review and Update
1.2 Huda AlHamdi 17th July 2014 Reviewed
1.3 Somaya AlWejdani 21st July 2014 Review and Update
1.4 Abhinav Srinivasaraghavan 23rd Nov 2014 Reviewed
1.5 Abhinav Srinivasaraghavan 14th May 2015 Revised
1.6 Abdul Rahman Shiekh 17th April 2016 Review and Update
1.7 Manal Saleh 17th April 2016 Final
1.8 Huda Ali 7th Aug 2016 Added the responsibility of users
FEWA Internal
Page 2 of 8 Version 1.8
Contents
1 PURPOSE
2 SCOPE
3 DEFINITIONS & ABBREVIATIONS
4 ROLES AND RESPONSIBILITIES
5 ANTIVIRUS POLICY
5.1 GENERAL
5.2 OPERATING SYSTEM MALWARE PROTECTION
5.3 SERVER ANTIVIRUS
5.4 MAIL GATEWAY ANTISPAM
5.5 INCIDENT HANDLING AND COMMUNICATION
6 END USER
6.1 USER BEHAVIOUR
6.2 INCIDENT HANDLING AND COMMUNICATION
7 COMPLIANCE
8 RELATED DOCUMENTS
Purpose
The purpose of this policy is to protect the organization's information systems against
malicious software such as viruses, worms, spyware, etc.
Scope
This policy applies to all FEWA employees, contractors, consultants and temporary staff
hereafter referred to as users.
Term Definition
ISMS Information Security Management System
CISO Chief Information Security Officer
Malware Malware is software designed to infiltrate or damage a
computer system without the owner's informed
consent. The expression is a general term used by
computer professionals to mean a variety of forms of
hostile, intrusive, or annoying software or program
code.
Role Responsibilities
CISO Ensure the complete implementation and enforcement of this
policy on the users
User/FEWA Employee All users are responsible to read, understand and adhere to
this policy in their day to day activities.
1. Antivirus Policy
1.1 General
1.1.1. Antivirus software should be installed and enabled on all desktops, servers and
other handheld devices to prevent, detect and protect against any malicious
software. FEWA has currently approved Symantec for protecting the entire Windows
compute environment.
1.1.2. In case of systems where virus scanners cannot be installed, it is necessary for
1.1.3. Virus scanners and/or detection programs must be started as part of the start-
up process on all information systems and must remain resident throughout the
computing session.
1.1.4. Staff found tampering with the configuration, settings, etc., on their individual
1.1.7. External storage media such as thumb drives, external hard disks, CDs, etc.
1.1.8. A Centralized Anti-Virus server shall be deployed to check all the incoming and
1.1.9. Anti-Virus & Malware activities shall be centrally managed. A central monitoring
and logging console shall be deployed to monitor the status of pattern updates
on all the computers and to log the activities performed on them.
1.1.10. All computers shall be configured to generate an alert at the central Anti-Virus &
Malware console.
1.1.11. Only authorized software approved by the IT Division should be installed and used
on the servers, workstations and other computing devices such as the BlackBerry.
1.1.12. Users should not execute any executable file received in email.
1.2 Operating System Malware Protection
1.2.1. Suitable malware protection software shall be deployed and operating on all
client workstations, laptops and servers.
1.2.2. Malware protection software shall perform real-time scanning protection, which
is able to check any file access.
1.2.3. The malware protection software engine deployed by FEWA IT and its patterns shall be
up to date; updates shall take place regularly and whenever there are any new
patterns.
1.2.4. Centralized compliance monitoring and event reporting shall be deployed.
1.2.5. A full scan is scheduled on a weekly basis.
software. If necessary or adequate, the vendor of the malware
protection/antispam software should be contacted to receive adequate
workaround or updates.
2. End User
2.1.1. User shall only exchange information with business partners in compliance with
the Network and Communication Security Policy.
2.1.2. User shall take due care when accessing Internet services and exchanging emails,
following the Acceptable Use Policy.
4. Compliance
All users are requested to comply with this policy. In case of a breach or violation, the user
would be subject to disciplinary action. Violations shall be notified to IT Support and
HR. Strict confidentiality shall be maintained on all notified violations.
5. Related Documents
FEWA_ISMS_Network and Communications Security Policy
FEWA_ISMS_Incident Management Policy
FEWA_ISMS_Acceptable Use Policy
FEWA_ISMS_Management Review Form