HIPAA – Virus Prevention Plan
May 8, 2010
Purpose
Computer anti-virus protection has the purpose of ensuring system integrity and substantially reducing the risk of data loss and business disruption in the event of a virus attack on Health Care Providers computer systems. It is the goal of the Health Care Providers that all viruses are detected and contained at the perimeter of the business environment, and that as a result, Health Care Providers does not experience any virus incidents. However, because of the ever-changing types of viruses, as well as the high risk of business disruption in the event of a virus infection, measures must be taken to not only prevent any occurrence of a virus, but also have a contingency plan for addressing potential infections.
Background
A virus is a piece of code that replicates by attaching itself to other programs or files. When these files are run, the virus is invoked and can further replicate itself.
A Trojan horse is a piece of code embedded in a useful program for malicious purposes. A Trojan horse differs from a virus in that it does not try to replicate itself to other programs.
A worm is a program that replicates by running copies of itself across a network. A virus can exhibit both virus and worm characteristics.
Departments Affected
This policy applies to anyone using Health Care Providers. For purposes of this policy, these employees are referred to as “users.” This policy applies to all Information Technology computer systems at Health Care Providers. Personal Computers, Servers, Networking equipment, as well as telephone switches are considered to be Information Technology systems for the purpose of this policy.
Risk Analysis
Virus infection of Health Care Providers threatens the company business in four distinct areas.
Threats to data
Viruses have the potential to act directly on data integrity. Data will be inaccessible while the infection is investigated and the data is cleaned and restored. This could cause the suspension of business activities and potentially services to customers and employees.
Threats to systems
Viruses have the potential to corrupt or destroy system software and / or services. Systems will be inaccessible while the infection is investigated and the system is cleaned and restored. This could cause the suspension of business activities and potentially services to customers and employees.
Threats to reputation
Viruses have the potential to affect our business relationships if the external world learns of the virus infection or its consequences, or if customers are inadvertently infected from our systems. The potential for Health Care Providers to appear insecure or uninformed could have serious consequences to our business reputation.
Threats to finances
Viruses have the potential to affect Health Care Providers finances due to the costs associated with dealing with the virus infection. The costs can be a threat from three areas:
1) The cost in time of cleaning, repairing and recovering from the infection;
2) The cost of interruption to Health Care Providers services; and
3) The potential legal costs due to suspension of services, infecting members, etc.
Prevention Plan
Because of the many potential entry points for virus threats, there is no single solution that allows Health Care Providers to combat viruses at a single point in their computer network. The technology defenses against virus infection must include a three-tier approach that spans from the systems that provide basic WAN connectivity, to the network servers, to the desktop, where end users perform their everyday tasks.
Infrastructure Backbone
The highest level of the Health Care Providers enterprise, the infrastructure backbone, provides e-mail messaging, switching, directory, and routing and proxy services. These services are also linked to external communications such as SMTP e-mail connectivity, Web browsing, partner and remote access connectivity. In most cases, there is no end-user data stored on these servers and little to no direct member interaction.
The goal of anti-virus protection at the infrastructure backbone level is to ensure viruses are detected and contained prior to entering the business environment. Virus protection at the backbone infrastructure level must encompass a number of services, including:
E-mail: SMTP and X.400 gateways.
HTTP, FTP, and any other external file transfer mechanisms
Virus Protection for Infrastructure Backbone
At the backbone level, virus protection is provided through the use of virus scanning of incoming emails using “Corporate AV” Server Enterprise anti-virus. Updates to virus signature files are implemented upon receipt from the software vendor.
I would suggest that we add scanning of ALL incoming and outgoing data packets at the firewall level if possible.
Network Servers
At the middle levels of the tier, the network servers provide local mailbox and file and printer services. This middle level hosts the servers that users directly access to retrieve, store, and send messages, print documents, and store internal records such as databases, spreadsheets, documentation, employee information and other sensitive and / or confidential information.
Virus protection at the middle level must encompass a number of services, including:
Mailbox and public folder scanning utilities for Exchange Server.
File-based scanning utilities.
A process, either automated or not, to update virus checking signature files.
Custom utilities that may target specific viruses or security alerts
Virus Protection for Network Servers
At the network server level, virus protection is provided through the use of virus scanning software on the servers providing shared drive access using “Corporate AV” Anti-virus software. The administrators, after updates by the software vendor, implement auto-updates to virus signature files manually, on a weekly basis.
Desktops
The desktop level is the entry point for the majority of data within Health Care Providers. The desktop is where the clients interact with client-side applications to read, create, send, and in some cases, store local messages and files. Desktops are differentiated from the local and backbone servers by performing numerous tasks such as word processing, spreadsheet and database manipulation, and Internet browsing.
Virus protection at the desktop level should encompass:
Real-time and scheduled scanning capabilities, including scanning of all files on the local hard drive, thumb drives and floppies.
A process, either automated or not, to update signature files on all client computers.
Virus Protection for Desktops
At the desktop system level, virus protection is provided through the use of virus scanning client software using “Corporate AV” Anti-virus software. Updates to virus signature files are released weekly to desktops after auto-updates by the software vendor.
Virus Management Plan
Health Care Providers deals with viruses and virus threats within a triage plan. The following steps explain the plan at a high level.
Escalation Plan (Preparation)
The escalation plan should include:
List of all parties to be contacted if a virus threatens
Who is on the anti-virus team
Severity levels (potential risk, business disruption or virus type) and action triggers for each level
Early Detection
This should include how new viruses and threats are researched and reported (company web sites, news organizations, security forums, etc.) and prevention. It should also address how and to whom employees report virus warnings or suspicious behavior.
Assembling a “High Performance” Team
Once a potential virus outbreak is detected, the next phase is to assemble a “high performance” anti-virus team, if applicable. This team has representatives from the following areas: help desk, operations, desktop support, Windows NT Administration, IT security, and an authorized executive. Each representative needs to have at least one backup and be reachable 24 hours a day, 7 days a week.
Stop the Infestation
The team’s first responsibility is to immediately stop the increase of infection. If a messaging system, file transfers, or a Web site is transporting the virus, those systems need to be identified and neutralized. Neutralizing a system may mean taking the system offline or reverting data to a safe location (repository) for further analysis. It is extremely important to understand the virus. Does it destroy data or applications? Can it replicate or copy itself? How is it transported? Most of the virus protection software companies publish details about known viruses on their Web sites.
Communications
This portion of the plan should address how notification of the virus infection is communicated to the administrators, helpdesk and end users.
Who should get what communications?
Various means of communication exist (Web sites, voice mail, electronic mail, inter-office memos, etc) but some may be rendered useless by outages caused by the virus.
Systems Cleanup
This portion of the plan should identify the tools available for cleanup and restoration from infection, and the testing and distribution of the tools to the desktops and servers in the company. These tools can be any of the following: standard file-based scanning utilities, product-specific utilities, or custom utilities created by virus protection software vendors.
www.bestitdocuments.com