Information Resources Use and Security Policy

Next Previous

7. Computer Virus Protection

A variety of technologies and practices are required to protect the university's network infrastructure and other information resources from threats posed by computer viruses, worms, and other types of malicious code.

7.1. All systems connecting to the university network, whether owned by the university or not, must install and enable current virus protection software. Exceptions should be acknowledged by completing a Security Exception Report.

7.1.1. University e-mail servers must utilize properly maintained e-mail virus protection software and/or utilize the security services provided by the campus e-mail gateway service; and
7.1.2. Any system identified as a security risk due to a lack of virus protection may be disconnected from the network or the respective network account may be disabled until adequate protection is in place.

7.2. Every known instance of a computer virus infection constitutes a security incident and must be reported to the Information Security Office in accordance with Section 13 of this Policy. When required, the Information Security Office will initiate Incident Management Procedures and organize a Computer Incident Response Team (CIRT).