Policy No.:ETP-A -27-2 Effective:2nd Oct, 2011
KSAU-HS King Saud bin Abdulaziz University for Health Sciences
UNIVERSITY King Saud bin Abdulaziz University for Health Sciences
EDUTECH CorporateOffice of Educational Technology Services
IT Information Technology
The purpose of this policy is to prevent the infection of University computers, computer systems and other digital devices from computer viruses and other malicious code. This policy is intended to prevent major damage to hardware, software and applications and loss of user data.
The policy applies to all University computers and devices that store University related information. It applies to all University network users with any device that has access to the network.
- All users who are connected to the KSAU-HS network have a responsibility to protect their systems from virus infection and follow the guidelines on spam email as outlined below:
- Desktop & Mobile Anti-Virus Protection
- All users have a responsibility to protect any device they use to connect to the University network by ensuring that correct anti-virus product for their area is installed on the device being used.
- The IT Manager is responsible to identify, install, operate and manage the correct anti-virus approved by EduTech and which secures the University resources and keeps the devices connected to the University’s network monitored and updated against virus threats.
- The connectivity and software services to the University’s resources are not to be provided to any device until it is checked against virus and malicious threats and approved for access.
- EduTech may release and install specific security application(s), patches or files on a user’s device before access is granted. This includes any further protection tool for the purpose of prevention or monitoring of virus infections.
- Users must not try to install an unapproved anti-virus product, or try to alter the configuration or disable the existing anti-virus product on their devices.
- Edutech may install any further protection tool on the user’s device for the purpose of prevention or monitoring of virus infections.
- Users must ensure that all relevant software security updates are applied to their computer. Users are advised to employ the Windows update service for all Microsoft operating systems, and the equivalent update service for other types of operating systems.
- Users must scan their hard drives regularly for viruses and not attempt to disable the regularly scheduled AV checks.
- Users should not open suspicious emails or attachments whether solicited or unsolicited from unknown or unusual sources.
- Users should scan all software or other content that they download from the Internet for viruses before they open these downloaded materials or portable devices.
- Users should exercise caution when downloading from the Internet and only download files from reputable authorized Internet sites or portable devices.
- Users should exercise caution when accessing web based E-mail including but not limited to Hotmail, Yahoo, Gmail, etc. Users should be aware that email accessed on these sites has not been scanned by the University’s email gateway and may contain viruses.
Responding to Virus Infections
- All users must respond to any virus infection detection indicated by their anti-virus software by contacting the designated Helpdesk Service provider.
- In the event that a user is unable to clean or remove an infected file they should disconnect their PC from the University network by removing the network cable or switch off the wireless connectivity, and immediately inform their respective IT department/Helpdesk services of the problem.
- All users should be alert to the possibility of a virus and immediately report any suspicious behavior to their respective college IT department/Helpdesk.
Unsolicited Email (Spam)
- Users should exercise caution when divulging their University Email account to third parties. Some organizations may provide your email address to parties involved in sending unsolicited emails (Spam), which may result in increased volumes of spam email being sent to your account.
- Users should utilize the Spam filtering service provided by EduTech to filter the spam email that they receive.
- It is strictly prohibited for any user to use University network resources to distribute unsolicited email (E.G. Spam)
- IT managers and system administrators have a responsibility to protect University systems and infrastructure from virus infection and to filter spam email where possible.
Anti-virus and Anti-spam Measures
- IT Managers and Technology Administrators will evaluate, select and deploy anti-virus software on file servers, desktops and mobile devices to scan for viruses from sources such as e-mail and attachments, portable disks, and downloaded materials from the Internet.
- IT Managers and Technology Administrators will provide users with a method to reduce the impact of unsolicited or SPAM email in their University inbox.
Desktop Anti-virus Selection
- EduTech must select an effective anti-virus product. This product must be licensed and made available to all users connecting to the University network.
- The selected anti-virus product must monitor systems regularly for devices that do not have anti-virus software installed or have incorrect anti-virus products or settings.
- The selected anti-virus product must provide a central point of contact to University users for anti-virus matters.
- The selected anti-virus product must keep abreast of potential viruses that may affect the University.
- The selected anti-virus product must promote awareness of anti-virus issues amongst users[j1] .
Gateway Virus Protection
- EduTech will provide and maintain effective virus scanning and anti-spam measures at the University gateway.
- All inbound and outbound email from the University network and all autonomous managed networks must be routed through the central University MX in order to ensure that uniform gateway virus scanning and spam filtering measures are applied.
IT Managers Helpdesk Support Staff Responsibilities to combat Viruses
- Monitoring desktop systems for indications of virus infection using available tools.
- Follow up on and evaluate any virus reports from users and make recommendations which may include informing users of the problem by email alert, intranet, etc
- During a virus outbreak incident, Helpdesk will provide whatever assistance is required to disinfect the systems and prevent propagation of the virus.
- In the event of an incident, the official source of updated information will be the EduTech website or EduTech official email.
Director Corporate, Educational Technology Service
King Saud bin Abdulaziz University for Health Sciences