Professional Documents
Culture Documents
Assignment 4
Assignment 4
Justin R. Cook
Purpose
This document establishes a policy for addressing and preventing malware, ransomware,
spyware, and any types of malicious programs from entering HIC’s network.
Background
This document was developed because HIC’s mission is to provide quality service to our
customers and ensure the protection of their confidential information. Malware and other types
of malicious programs continue to plague organizations around the globe and the average cost of
a malware attack on a company is $2.6 million (Sobers, 2021). Running anti-virus software on
all devices, improving user security awareness, limiting network access, and securing
communication channels are some of the actions that must be taken to reduce the overall risk to
Scope
This policy applies to any user or system that operates on HIC’s network or stores/processes HIC
documents or emails.
Objectives
Systems
All systems operating on HIC’s network must be running an up-to-date version of the corporate
standard antivirus software (Trend Micro Apex One). The AV software is pushed out to all
domain-joined computers via group policy and uninstallation or unlocking the software requires
a password. Scans are scheduled to run automatically, and the antivirus definition updates are
All VPN users who connect remotely to the corporate network must authenticate with their
credentials and the device must pass the posture check before being allowed access. For
Asset Protection Policy 3
computer, they would not be allowed access. This posture check ensures that devices on the
Systems operating on the corporate network can only reach the public internet via a proxy server.
This proxy server controls the websites that employees access and secures internet activity by
Email remains a common target for attackers as over 94% of malware is distributed via email
(Fruhlinger, 2020). HIC aims to address this in several ways, the first of which is flagging all
mail that originates from outside the organization with a header that informs the recipient that the
email is external. Flagging all external emails will reduce the likelihood of success if an attacker
Additionally, all email passes through a security filter before reaching the inbox of any internal
user. This security filter analyzes incoming emails for various red flags that indicate a high
likelihood of spam or phishing content and quarantines those emails for review. All attachments
are scanned for malware and certain file extensions are not allowed to pass through. Any links
located in the email’s body or embedded in documents are scanned to ensure they are not
malicious.
Users under the scope of this policy are required to complete an annual cybersecurity training
program. This program includes a section on the different types of malware and some strategies
to avoid falling victim to attack. One area of the training shows how to spot malicious email
attempts and provides instructions for how to report suspicious emails to the security team.
Asset Protection Policy 4
Responsibilities
The Chief Information Officer (CIO) is the approval authority for the Anti-Malware
policy.
maintenance of the Anti-Malware policy and all associated guidelines and standards.
The IT Operations team is responsible for implementing and monitoring the security
The individuals, external entities, or groups who fall under the scope defined for this
Failure to comply with HIC’s Anti-Malware policy will result in disciplinary actions which can
violate legal regulations may also result in lawsuits. Exceptions to the HIC Inc. security program
are granted under extremely rare circumstances. Any potential exception will be documented,
The Anti-Malware policy will be reviewed and revised in accordance with the HIC Inc.
Approved: __________________________________________
Signature
<Typed Name>
Chief Information Officer
Asset Protection Policy 5
References
Fruhlinger, J. (2020, March 09). Top cybersecurity facts, figures and statistics. Retrieved from
https://www.csoonline.com/article/3153707/top-cybersecurity-facts-figures-and-
statistics.html
Sobers, R. (2021, March 16). 134 Cybersecurity Statistics and Trends for 2021. Retrieved from
https://www.varonis.com/blog/cybersecurity-statistics/