Information Technology Reference
In-Depth Information
Antivirus software includes virus definition files which require to be updated often. Most
antivirus software can be configured to update virus definitions as soon as they are made
available by antivirus solution developers. The solutions can also be configured to update
on a timely basis such as daily or weekly.
Enterprises have the option of deploying managed and unmanaged antivirus solutions.
Managed systems are centrally controlled, and most configurations are done on the server.
Unmanaged solutions are configured on the workstation and are not centrally managed.
The enterprise might also configure the antivirus application to auto scan at specified in-
tervals, such as daily or every hour. Antivirus software can be set to automatically scan all
storage devices connected to the computer, such as memory sticks or external storage.
Enterprises should develop enterprise antivirus management policies in order to effectively
address issues of viruses in enterprises. Antivirus procedures are also required in order to
ensure that users adhere to specific ways of dealing with viruses. Large enterprises employ
full-time antivirus specialists, who are responsible for day-to-day management of antivirus
security. Their responsibilities include ensuring that users are aware of how to handle virus
incidents, sending user alerts, repairing virus-infected computers, and preparing reports on
virus infections and management.
User training is an effective way of managing viruses in an enterprise. An enterprise should
ensure that users are aware of virus incidents and how to respond. The enterprise, through
established procedures, should make sure that there are clear escalation procedures in the
event of infections. In most enterprises, antivirus protection is part of security awareness
training for new and old users.
The IS auditor should collect evidence on how the enterprise is managing the antivirus se-
curity environment. Statistics on virus infections can be obtained from the antivirus applic-
ation system which automatically collects and reports on various virus incidents. The IS
auditor can also review reports prepared by the IT function and antivirus security special-
ists as part of the audit. Interviewing users is also a good source of information. It is always
recommended that IS auditors randomly check user computers to test the effectiveness of
the antivirus management practices in the enterprise.
Internet Security
Internet security relates to the securing of Internet systems such as websites, web browsers,
email, and other business tools used by an enterprise which rely on the Internet. Most en-
terprises today are highly dependent on the use of the Internet to conduct business. The
Internet has also brought many risks as well as benefits. Often we hear of enterprises being
hacked by known or unknown persons or organisations. Many enterprises have lost mil-
lions of dollars through Internet fraud. Individual customers also have been hit by Internet
Search WWH ::
Custom Search