Information Resources and Technology Policy

Section Policy Name Policy Number
Individual Responsibilities Malware Policy 5.06

Policy Purpose

The purpose of this policy is to describe the responsibilities of individuals, departments and Information Resources and Technology (IRT) in protecting Bradley University computer systems against malware infections.

Policy Description

All systems connected to the Bradley University network, whether wired or wireless, must have current virus protection software installed and running.

Malware, a shortened term for malicious software, is designed to infiltrate a computer system without the informed consent of the user.

A worm is a special type of virus which replicates itself across a computer network, and does not attach itself to files, so requires no human intervention to spread. Worms spread quickly and reside in memory, slowing down or disabling your computer.

Potential sources of viruses include shared media such as floppy disks or CD-ROMs, electronic mail (including, but not limited to, files attached to messages), and software or documents copied over networks such as the campus network, the Internet, and over P2P applications and Web popups.

A virus infection is almost always costly to the institution whether through the loss of data (possibly permanent), staff time to recover a system, or the delay of important work. Viruses spread from the University can lead to damage to the University's reputation and can possibly lead to litigation against the University.

Advice and Assistance 
Information Resources and Technology will provide virus protection assistance in the following ways:

  • The IRT HelpDesk and staff will assist individuals with recovery from viruses. This includes advice on containment to stop the spread, help with removing viruses, and advice on how to prevent a recurrence.
  • Timely information regarding virus threats will be sent to campus in a variety of ways, including notices via electronic mail and postings on Sakai and the HelpDesk Web page.
  • Information Resources and Technology will continue to work with Student Senate and the Residential Life staff to increase awareness of the importance of adequate virus protection.

Noncompliance
Computer users not complying with this computer security policy leave themselves and others at risk of virus infections which could result in:

  • damaged or lost files
  • inoperable computer resulting in loss of productivity
  • risk of spread of infection to others
  • confidential data being revealed to unauthorized persons

An individual's non-compliant computer can have significant, adverse affects on other individuals, groups, or the University itself. It is critical for the protection of all individuals using the campus network that each computer be adequately protected against virus activity. Non-compliance with this policy by use of a computer on the campus network which is not adequately protected against virus infection may result in a variety of negative outcomes outlined below.

University-owned computers (purchased through campus computer sales and supported by IRT)

Virus activity is generally initially suspected when a great deal of traffic is identified by network administration software coming from a particular IP address (in use by a particular individual) on the network. When this occurs, the following steps are taken:

  • Network access by that computer will be restricted.
  • A trouble ticket will be opened by the HelpDesk, the University employee responsible for the infected computer will be contacted. (If the responsible party cannot be identified, the restriction will remain in place until someone contacts the HelpDesk about the computer.)
  • A time will be arranged for the infected computer to be scanned and cleaned. If files appear to be damaged or missing, file recovery will be attempted.
  • The IRT staff person will ensure that NAV is installed and updating daily on the computer before the ticket is closed

Student-owned computers 
As with university-owned computers, virus activity on student computers is generally identified when a great deal of traffic is coming from a particular IP address (in use by a particular individual) on the network. The following steps are taken when this occurs:

  • Network administrators will restrict the user's access to the network and notify the HelpDesk of the restriction. The HelpDesk will call the student to whom the computer is registered to inform them of the restriction.
  • The student must bring their laptop or CPU to the HelpDesk for assistance in scanning and cleaning the viruses from the system.
  • The student must demonstrate that anti-virus software is installed and set to update daily before network access is restored.
  • A fee of $25 will be charged for an initial violation. A fee of $50 will be charged if there is a subsequent violation by the same student. If non-compliance with the policy continues, the student may be referred to the residential life and student judicial services office.

Other systems

Some systems are on the campus network which do not fall under the above categories of University or student owned. As stated earlier, all systems connected to the Bradley University network, whether wired or wireless, must have current virus protection software installed and running.

Policy Scope

This policy applies to all Bradley University computer and network users.

Policy Definitions

Date Approved Revision 1 Date Revision 2 Date Revision 3 Date Revision 4 Date Revision 5 Date
2/23/2004 4/6/2004