Description

This article is from the Computer viruses FAQ, by David Harley D.Harley@icrf.icnet.uk, George Wenzel gwenzel@telusplanet.net and Bruce Burrell bpb@umich.edu with numerous contributions by others.

14) Where can I get an anti-virus policy?

There is some relevant material in the Virus-L FAQ document, but you'll
need to do most of the work specific to your own environment. It's worth
doing some general reading on security policies generally and getting
the distinctions straight between policies, strategies, standards,
procedures and protocols. I'm working on this in other contexts: some of
that material may eventually seep back into here.

The ICSA have a Corporate Virus Prevention Policy disk/document which can
be ordered via their web page (www.icsa.net) for around $20, or downloaded
from Compuserve.

In the UK, the British Standards Institution have a Code of Practice for
Information Security Management which includes virus-management (BS7799).
[It's not necessarily well-regarded by practitioners, though.]

BSI
389 Chiswick High Road
London W4 4AL

DTI (Dept. of Trade & Industry)
IT Security Policy Unit
151 Buckingham Palace Road
London SW1W 9SS

The Dr. Solomon's web page (www.drsolomon.com) has a paper on Guidelines
for an Anti-Virus Policy by David Emm which is a reasonable starting
point, though a comprehensive virus management policy is no small
undertaking. The Dr. Solomon's page may be moved to the www.nai.com
site in the near future, as Dr. Solomon's has been purchased by NAI.

Continue to:

• prev: 14) Why do people write/spread viruses?
• Index
• next: 14) Are there virus damage statistics? (Computer virus)