Malware Protection Policy
Introduction
Viruses, worms, Trojans, and Spy ware are nasty and dangerous intruders. Together they make up a class of software know as malware which is short for malicious software (Greene, 507). The Grocery, Inc. has been breached and now know that it was a inside job and it was a new and sophisticated plan that was developed by and disgruntled employee. The attacker was able to slip malware onto servers at all of the company's 200 stores. Further digging has brought to light that the malware appears to have snatched card data from customers as they swipe their card at the check out and transferred the data overseas. As a Information Security Administrator for Grocery Stores, Inc. I will asses the situation and develop a server malware protection policy that accounts for concerns of the stakeholders as well as reducing the chances for another attack and providing security controls.
Purpose, Scope , and Overview
The purpose of the policy should outline the server systems that require anti-virus and/or anti-spy ware (SANS) . The scope will need to apply to all servers that Grocery Inc. is responsible for. It also needs to include all server systems that is setup for internal use by Grocery Inc even if they do not retain administrative obligation or not. The overview will state that Grocery Inc. is trusted with the responsibility to provide professional management of clients servers as outlined in each of the contracts with its customer(SANS) . It also states that they have an obligation to provide appropriate protection against malware threats, such as viruses and spy ware applications(SANS) .
Anti-Virus
Grocery Stores Inc. needs all systems to have anti virus protection software...
... middle of paper ...
...s and how it may impact their work.
Conclusion
Having a layered security program that will protect at all levels and if one is unsuccessful the other defense is present. This is shown by having the anti virus, spy ware, and security restrictions. The fact of the matter is even having a layered defense will not guarantee that attacks can be prevented. Good security requires constant care and with out that care a vulnerable opening could develop. Monthly updates and reviews are needed to make sure that not holes are present in the systems.
Reference Page
Greene, S. Security Policies and Practice [VitalSouce bookshelf version]. Retrieved from http://devry.vitalsource.com/books/9781256084099/id/ch15fig08
SANS. (n.d.). Retrieved from http://www.sans.org/security- resources/policies/Server_Malware_Protection_Policy.pdf