|
|
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: Head of IT Section
Where IT systems are equipped with computer virus scanning programs, these programs must be updated regularly so as to ensure reliable detection of newly appearing computer viruses. To do this, a procedure must be laid down to specify responsibility, procurement and the method of distributing the updates.
At the time of procurement of a suitable computer virus scanning program (see S 2.157 ), attention should be paid to the need to update it at short intervals (no more than 6 months). As virus scanning programs are also updated for specific reasons, for example because of the appearance of new viruses, the person responsible for the problem of viruses should check with the software producer for information on updates on a regular basis (at least once a week).
When the updates to the computer virus scanning program are distributed, it must be ensured that the updates are indeed loaded onto the IT systems - soon after the updates are procured. If this cannot be performed automatically (in the case of networked IT systems), the update should be made available to the relevant IT users quickly.
As a consequence of frequent updating and the resultant short test times for the virus scanning programs, they are susceptible to error and must be tested in actual operation before release or installation (see also S 2.83 Testing Standard Software). When updates are installed, particular care must be taken that the existing configuration of the computer virus scanning program is not changed by preassigned parameters. For example, an update could cause a previously resident computer virus scanning program to be switched to an offline mode.
It must also be ensured that computers which are not allocated to any individual person and are not networked, for example laptops, are likewise supplied with updates.
Additional controls:
| © Copyright
by Bundesamt für Sicherheit in der Informationstechnik |
July 1999 |