IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
S 2.160 Regulations on computer virus protection
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Head of IT Section
In order to obtain effective protection against computer viruses, certain
additional measures must be put in place over and above the use of virus
scanning programs. With this in mind, it is necessary to address the following
points, among others:
Use of computer virus scanning programs
The use of these programs is to be specified and documented in accordance
with the chosen strategy and the chosen product (cf. S 2.156 Selection of a
suitable computer virus protection strategy, S 2.157 Selection of a suitable
computer virus scanning program). In addition it is necessary to determine
how, at what intervals and by whom the computer virus scanning programs
will be updated (cf. S 2.159 Updating the computer virus scanning programs
used).
Training of IT users
The IT users affected must be informed of or given training in (cf. S 3.5
Education on IT security measures, S 3.4 Training before actual use of a
program, S 6.23 Procedures in the event of computer virus infection) matters
relating to the dangers posed by computer viruses, macro viruses, Trojan
horses and hoaxes (cf. T 5.23 Computer viruses, T 5.43 Macro viruses, T 5.21
Trojan horses, T 5.80 Hoaxes), necessary IT security measures, behaviour in
the event of computer virus infection and handling of the computer virus
scanning program.
Ban on the use of non-approved software
The installation and use of non-approved software, in particular software that
has not been virus-checked, must be forbidden (cf. S 2.9 Ban on using nonapproved
software). Over and above that it may be necessary to stipulate that
checks on observance of the ban are performed regularly (cf. S 2.10 Survey of
the software held).
Protective measures on the IT system
The boot sequence during operating system startup must be rearranged such
that as a rule the system is started first from the hard disk (or from the
network) and only then from an external medium (floppy disk, CD-ROM; cf.
S 4.84 Use of BIOS security mechanisms). In addition, an emergency floppy
disk must be created for every available computer type, in order to allow a
successful cleanup in the event of a computer virus infection (cf. S 6.24
Creating a PC emergency floppy disk). If a new computer virus does cause
damage despite the precautions, a backup must be used. Data backups must
therefore be created on a regular basis (cf. S 6.32 Regular data backups).
When data backups are reloaded, care must be taken that no files infected by
the computer virus are restored to the system as a result.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000