APPROVED: January 28, 2021
EFFECTIVE: January 28, 2021
REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy
/ Joe Garcia /
Joseph A. Garcia
This procedure documents specific requirements, which must be met for the protection of Information Systems and Assets from computer viruses and other malware and is implemented to define what the Colorado Community College System and its Colleges (“CCCS”) must do to identify Viruses and Malware on its Information Systems or Assets.
This procedure applies to Information Systems or Assets owned, leased, managed, and maintained by the System Information Technology Department (“System IT”) or the College Information Technology Department (“College IT”) Department or by third parties on behalf of CCCS.
A computer virus is a malicious code designed to spread from host to host by itself without the user’s knowledge to perform malicious action. Virus is a specific type of malware.
Malware is a collective term for any type of malicious software including viruses, ransomware, and spyware. Malware typically consists of malicious code designed to cause extensive damage to data and systems to gain unauthorized access to a network.
A virus definition, also known as a virus signature, is a binary pattern (a string of ones and zeros) that identifies a specific virus. An anti-virus software references the virus definition database to determine whether the programs or files contain viruses.
The System Chancellor delegates to the System Vice Chancellor for Information Technology responsibility for oversight of compliance with and implementation of this procedure. Further, the System Chancellor delegates to the College Presidents the responsibility to implement and compliance with this procedure at their respective institution.
Anti-virus and anti-malware help to safeguard against security vulnerabilities, mitigate threats to local workstations and laptops, and better protect CCCS Information Systems and Assets. The following procedure establishes security baselines around Virus and Malware prevention and ensures the updating of CCCS Information Systems.
System IT or College IT shall install and maintain an anti-virus or anti-malware solution on workstations, laptops, and servers. System IT or the applicable College IT will maintain, at a minimum, the following capabilities:
At a minimum, the anti-virus solution shall have the following:
Monitoring and Alerting
CCCS reserves the right to change any provision or requirement of this procedure at any time and the change shall become effective immediately.