RULE 200.00.03-003 - Virus Scanning on the State of Arkansas Network

RULE 200.00.03-003. Virus Scanning on the State of Arkansas Network

1.0 Purpose

Information handled by computer systems must be adequately protected against unauthorized modification, disclosure, or destruction. Virus scanning software has proven effective in protecting state resources from viruses, worms, and other types of malicious code.

2.0 Scope

This standard statement applies to all state agencies, boards, commissions and institutions of higher education.

3.0 Background

The Arkansas Information Systems Act of 1997 (Act 914, 1997) gives the Office of Information Technology the authority to define standards, policies and procedures to manage the information resources within the state. This is accomplished through work with a multi-agency working group known as the Shared Technical Architecture Team

In addition, Act 1042 of 2001 states that the Executive Chief Information Officer oversee the development of information technology security policy for state agencies.

4.0 References

4.1 Arkansas State Government Information Resources Security Policy Guidelines

4.2 Act 914 of 1997: Authorized the Office of Information Technology (OIT) to develop statewide policies.

4.3 Act 1042 of 2001: Authorized the Executive CIO to develop security policy.

5.0 Standard

5.1 All microcomputer workstations and servers attached to the state network shall have updated virus protection software installed and enabled.

5.2 At a minimum, virus definitions shall be updated weekly.

6.0 Procedures

The agency shall be able to demonstrate compliance.

7.0 Revision History

Date

Description of Change

12/14/2003

Original Standard Statement Published

     
     

8.0 Definitions

8.1 Virus:

A virus is a piece of programming code usually disguised as something else that causes some unexpected and usually undesirable event. A virus is often designed so that it is automatically spread to other computer users. Viruses can be transmitted as attachments to an e-mail note, as downloads, or be present on a diskette or CD. The source of the e-mail note, downloaded file, or diskette you've received is often unaware of the virus. Some viruses wreak their effect as soon as their code is executed; other viruses lie dormant until circumstances cause their code to be executed by the computer.

8.2 Worm:

A worm is a self-replicating virus that does not alter files but resides in active memory and duplicates itself. Worms use parts of an operating system that are automatic and usually invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.

8.3 Workstations and servers:

A workstation is a personal computer attached to a local area network that in turn shares the resources of one or more computers. The computer that a server program runs in is also frequently referred to as a server. In this standard, workstations and servers are also defined as computers that are capable of becoming infected with a virus, worm, or other malicious code.

9.0 Related Resources

Antivirus software links:

Norton Antivirus: http://www.symantec.com/nav/

McAfee Antivirus: http://www.mcafee.com/anti-virus/default.asp

Hoaxes: http://hoaxbusters.ciac.org/HoaxBustersHome.html

AVG Antivirus: http://www.grisoft.com/html/us_index.htm

eTrust Antivirus : http://www3.ca.com/Solutions/Product.asp?ID=156

10.0 Inquiries

Direct inquiries about this standard to:

Office of Information Technology

Shared Technical Architecture

124 W. Capitol Ave., Suite 200

Little Rock, AR 72201

Voice: 501-682-4300

FAX: 501-682-2040

Email: ITarch@mail.state.ar.us

OIT policies can be found on the Internet at:

http://www.techarch.state.ar.us/

(12/9/2003)

The following state regulations pages link to this page.