Information Technology Review - Auditing Information Systems: Enhancing Performance of the Enterprise

Information Technology Reference

In-Depth Information

9. security controls

10. communication controls.

d) Antivirus and Antimalware Systems

Workstations which we use to access and process data are vulnerable to various threats,

including viruses and malware. In order to provide effective protection from such

threats, enterprises do implement antivirus protection on workstations. The antivirus

systems can be either stand-alone or centrally managed. There are many types of

virus-protection software on the market. Each one of them is able to protect work-

stations to various degrees, and users might find that some antivirus tools are more

effective than others. The effectiveness of antivirus software also depends how the

virus-protection system is administered and configured.

Virus definition files are used by antivirus systems to detect viruses. A virus definition

file contains a list of known viruses and should be updated often to be current. How

often virus definition files are updated depends on the requirements of a particular

enterprise. In many enterprises, virus definitions are updated on a daily basis or as

they are made available by the vendors.

User awareness is key to the success of any antivirus solution. Users should be trained to

avoid situations which may lead to their workstations being infected. Viruses can be

devastating and can take some time to cure if there is a network-wide infection. For

example, it is important that users should:

1. not download files from unknown sources

2. scan their PCs regularly

3. update virus definitions

4. avoid using disk drives from unknown sources

5. scan drives and other sources of data before use

6. ensure automatic scanning of incoming and outgoing emails.

The benefits of using antivirus protection software are many. It is important that users

appreciate the use of antivirus software. Deliberate training programs should be im-

plemented in order to ensure that users are able to use the antivirus software effect-

ively.

Most enterprises have put in place policies and procedures regarding implementation of

antivirus protection. IS auditors can use these policies and procedures to assess im-

Search WWH ::

Custom Search

Home