[ skip to content ]

More Information about this image

Handbook and paperwork for the newly hired.

Old Dominion University

Information Technology Standard

05.4.0 Virus & Malicious Code Protection Standard

Date of Current Revision or Creation: November 1, 2021

The purpose of an Information Technology Standard is to specify requirements for compliance with Old Dominion University Information Technology policies, other University policies, as well as applicable laws and regulations. Standards may include business principles, best practices, technical standards, migration and implementation strategies, that direct the design, deployment and management of information technology.

  1. Purpose

    The purpose of this standard is to define the requirements to protect and defend the Old Dominion University network from the spread of a computer virus or other unintended or malicious destruction.

  2. Definitions

    Endpoint Protection - Software intended for the protection of laptop and desktop resources both on and off-campus that is licensed by ODU for use by faculty and staff computers.

    Data Users/Users - Individuals and organizations that access institutional data and information in order to perform their assigned duties or to fulfill their role in the University community.

    Malicious Code - the term used for any code in any part of a software system or script that is intended to cause undesired effects, security breaches, or damage to a system. Malicious code can include attack scripts, viruses, worms, Trojan horses, backdoors, and malicious active content.

  3. Standards Statement

    Malicious Code Protection

    Users will not willfully introduce virus-infected media or other foreign materials into any University systems without proper authorization and without using up-to-date, approved virus-scanning software.

    Advanced endpoint protection will be used on ITS-managed desktops, laptops, and servers. All devices connected to the network, including off-campus computers, should have some form of anti-virus, endpoint protection, or be configured according to best practice for the operating system. Personally owned devices are also subject to compliance when connected to the ODU network.

    Information Technology Services will monitor network activity and take appropriate action to control infection. Any server or client known to be an infecting agent will be disconnected and the user notified immediately. The user or department will be responsible for bringing the device into compliance.

    Malicious Code Protection

    Users will not intentionally develop or experiment with malicious programs and are prohibited from knowingly propagating malicious programs including opening attachments from unknown sources.

    ODU will provide malicious program detection, protection, eradication, logging, and reporting capabilities for IT systems and users. Malicious program protection should remove or quarantine malicious programs that it detects; provide alert notifications; protect memory and storage devices; protect against files retrieved through a network connection or from an input storage device; allow only authorized personnel to modify program settings; monitor activity, maintain logs of protection activities, or some combination of these.

    Disciplinary Action

    Users who willfully disregard this Standard are subject to disciplinary actions as provided for in other organizational employment and human resources policies.

  4. Procedures, Guidelines & Other Related Information

    Federal and State Law

    University Policy 3500 Policy on the Use of Computing Resources

    IT Standard 05.1.0 IT Security Incident Handling Standard

    IT Standard 09.1.0 Acceptable Use Standard

  5. History

    Date

    Responsible Party

    Action

    October 2009

    ITAC/CIO

    Reaffirmed

    October 2010

    ITAC/CIO

    Reaffirmed

    October 2011

    ITAC/CIO

    Reaffirmed

    October 2012

    ITAC/CIO

    Reaffirmed

    December 2012

    ITAC/CIO

    Merged Virus Protection and Malicious Code Protection Standards

    Numbering revision

    August 2013

    IT Policy Office

    Departmental name update

    August 2015 IT Policy Office/ISO
    Three year review; links and terminology updated.
    December 2018 IT Policy Office Definitions and links checked
    November 2021 IT Policy Office Definitions and links checked

Site Navigation

Presidential Inauguration

ODU commemorated the inauguration of President Brian O. Hemphill, Ph.D., during Homecoming Weekend 2022. Relive the historic weekend.

Fall Open House

It's time to fall in love with ODU! Join us for our last Open House event of the semester on Saturday, November 19.

Commencement 2022

Visit the Commencement Office for information on event times, caps & gowns, tickets and more!