
ANTIVIRUS MANAGEMENT PROCESS

Antivirus Management Process
Objective
To establish key process components of Antivirus Management (between IM & Vendor) and ensure AV
compliance of endpoints in MO, Commy & Stores based on defined SLAs.

Rationale
• JFC experiences cyberattacks and security risks that harm endpoints up to org infrastructure.

Process Status
Process Roll-out

Milestones: S2-2018 Key Milestones, by Key Process Component

Process Framework
• Established initial Antivirus Management Process Framework (Milestones, Core Team, Gates, Deliverables, SLA)
• Defined Antivirus Management Procedures

RACI
• Developed official AV RACI between Vendor and IM (INFRA versus S3D)

SLA/Threshold/and Expected Output
• Developed SLAs and Expected Output to establish differentiation of Vendor and IM Output & Accountabilities
• 95% compliance threshold for AV Compliance for MO, Commy & Stores.

Next Steps (Key deliverables, Timeline, DRI)
Key deliverables: Finalize AVM process framework applicability for stores.
DRI: S' Don, S' Kiko, S' Mike, M' Ria, S' Jason, PEU from IM
Antivirus Management
PROCESS FRAMEWORK

Phases: Preparation; Client Distribution; AV Update Maintenance; Incident Mgmt.; Policy Configuration & Management Reporting

Core Team: IM/, IM, IM, IM, IM

Process Milestones
• Preparation: AV Software License Acquisition; Server Provision
• Client Distribution: Antivirus Software Client Distribution
• AV Update Maintenance: Management Console Updates; Antivirus Updates Deployment; Version Upgrade; Antivirus Software License Renewal
• Incident Mgmt.: Incident Management
• Policy Configuration & Management Reporting: Antivirus Software Policy Configuration; Management Reporting & Actions

Gates (Controls), each answered N/Y
• Software & Licenses Purchased?
• Server Provided?
• Client Installed?
• AV Compliance met?
• Virus detected?

Gates (Deliverables)
• Preparation: Antivirus Software Acquisition Evaluation & Approval; AV Server Setup
• Client Distribution: AV Deployment Summary
• AV Update Maintenance: AV Compliance Summary; Approved Implementation Plan; Change Request; AV Upgrade Report via WORM; List of Licenses for Renewal; AV Licensing Status
• Incident Mgmt.: Incident Ticket; Ticket Resolved; Incident Report
• Policy Configuration & Management Reporting: Added/deleted/revised Policies; WORM (AV Compliance, Enterprise License Summary, AVS Incident Reporting Summary, Migration Status (if applicable), Recommendations & Help Needed); Incident Report (Outbreak)

Legend: IM Output; Vendor Output; JFC-Based Actions (IM)



Antivirus Management
ROLE DELINEATION: Vendor versus IM
Vendor roles: AV Team (MO, Commy, Stores); Deskside Team (MO, Commy); OISS Team (Stores)
IM roles, Main Office, Commy: IM AV Lead (MO, Commy); IM Infra Head
IM roles, Stores: IM AV Lead (Stores); IM S3D Head

PROCESS

PREPARATION
Antivirus Software License Acquisition C R A R A
Server Provision C R A R R
ANTIVIRUS SOFTWARE CLIENT DISTRIBUTION
Client Distribution R R R A A A A
ANTIVIRUS UPDATE MAINTENANCE
Management Console Updates R A A A A
Antivirus Updates Deployment R A A A A
Version Upgrade R A A A A
Antivirus Software License Renewal R A A A A
INCIDENT MANAGEMENT
Incident Management R R R A A A A
POLICY CONFIGURATION & MANAGEMENT REPORTING
Antivirus Software Policy Configuration R A A A A
Management Reporting & Actions R R A R A

• Vendor must be Responsible whereas IM must be Accountable across all phases
Antivirus Management Process
PREPARATION PHASE (PHASE 1)

Milestone: Antivirus Software License Acquisition

1. Determine the Antivirus Software License type and required no. of seats.
   • SBE: <=500 endpoints
   • Enterprise: >500 endpoints
   Output: Antivirus Software Acquisition Evaluation & Approval
   Accountable: IM: S'Don Balolong
   SLA: As needed

2. Acquire Antivirus Software Licenses.
   Accountable: IM: S'Don Balolong (MO, Commy), S'Kiko Mendoza (Stores)

Milestone: Server Provision

3. Provide a server for Antivirus Software.
   • On-prem server can hold up to 10 000 users.
   Output: AV Server Setup
   Accountable: IM: S'Don Balolong
   SLA: As needed

4. Install the Antivirus Management Console on the Server.
   Accountable: DXC: AV Team; Northgate (initial config)

Antivirus Management Process
CLIENT DISTRIBUTION PHASE (PHASE 2)

Milestone: AV Software Client Distribution

1. Monitor total count of purchased and used Antivirus Software license seats.
   *(Leadtime for additional seats: 30-45 days)
   Output: AV Deployment Summary
   Accountable: DXC: AV Team
   SLA: Monthly

2. Install/upgrade Antivirus Client to all endpoints (desktops/laptops).
   Accountable: DXC: Deskside Team; Northgate & Software Vendors
   SLA: Per new endpoint

3. Check if the endpoints are reporting to the on-premise Management Console (SEPM).
   Accountable: DXC: AV Team, Deskside Team/GSD Team
   SLA: Daily

4. Validate AV Deployment Summary - Utilization and Management Console Compliance.
   Accountable: IM: S'Don Balolong (MO, Commy), S'Kiko Mendoza (Stores)
   SLA: Monthly

Antivirus Management Process
AV UPDATE MAINTENANCE PHASE (PHASE 3)

Milestone: Management Console Updates

2. Check if the AV Management Console automatically downloads updates from source.
   Output: AV Compliance Summary
   Accountable: DXC: AV Team
   SLA: 2:00 PM Daily

Milestone: Antivirus Updates Deployment

3. Determine if the AV Management Console successfully distributes the antivirus updates to all endpoints.
   *If unsuccessful: Endpoint will be reported as outdated in the Management Console. Deskside to check for the PC on site and will raise a ticket.
   Output: AV Compliance Summary
   Accountable: DXC: AV Team; IM: S'Don Balolong (MO, Commy), S'Kiko Mendoza (Stores)
   SLA: Within 48 hours after the virus signature files were officially released by the source

Antivirus Management Process
AV UPDATE MAINTENANCE PHASE (PHASE 3)

Milestone: Version Upgrade

1. Create implementation plan for Antivirus version upgrade.
   Output: Implementation Plan
   Accountable: DXC: M'Ria Cabalquinto
   SLA: Per release of new AV software version

2. Approve the implementation plan.
   Output: Approved Implementation Plan
   Accountable: IM: S'Don Balolong

3. Create change request for AV version upgrade.
   Output: Change Request
   Accountable: DXC: M'Ria Cabalquinto
   SLA: 1 BD upon approval

4. Apply AV upgrade to Management Console.
   Output: AV Upgrade Report via WORM
   Accountable: DXC: M'Ria Cabalquinto
   SLA: 1 BD upon creation of change request

Milestone: Antivirus Software License Renewal

5. Send AV renewal notice.
   Output: List of Licenses for Renewal
   Accountable: DXC: M'Ria Cabalquinto
   SLA: 2 months before license expiration

6. Renew the Antivirus Software Licenses.
   *Every 3 years per license seat (with 2 months grace period from Symantec)
   Output: AV Licensing Status
   Accountable: IM: S'Don Balolong (MO, Commy), S'Kiko Mendoza (Stores)

Antivirus Management Process
INCIDENT MANAGEMENT PHASE (PHASE 4)

Milestone: Incident Management

1. Investigate and respond to virus attacks reported at the Management Console or open tickets raised by the user.
   Output: Incident Ticket
   Accountable: DXC: AV Team, Deskside Team/GSD Team
   SLA: Daily

2. Send a notification to the deskside team to check for the endpoint on site.
   Accountable: DXC: AV Team
   SLA: Per virus attack

3. Check and resolve the virus attack on the endpoint.
   Output: Ticket Resolved
   Accountable: DXC: Deskside Team/GSD Team

4. Create a report on major virus outbreaks detailing actions taken to resolve and prevent recurrence.
   Accountable: DXC: AV Team

5. For major virus outbreak: Ensure timely AV incident resolution and problem mgmt reporting of Vendor.
   Output: Incident Report
   Accountable: IM: S'Don Balolong (MO, Commy), S'Kiko Mendoza (Stores)

Antivirus Management Process
POLICY CONFIGURATION & MANAGEMENT REPORTING PHASE (PHASE 5)

Milestone: Antivirus Software Policy Configuration

1. Identify policies to be added/deleted/revised on Management Console.
   Output: Added/deleted/revised Policies
   Accountable: DXC: AV Team
   SLA: As requested by the user

2. Approve/reject policies to be added/deleted/revised on the Management Console.
   Accountable: IM: S'Don Balolong (MO, Commy), S'Kiko Mendoza (Stores)
   SLA: Per change request

3. Ensure timely configuration of approved AV policies in the Management Console.

4. Configure policies based on needed policies of the JFC environment.
   Accountable: DXC: M'Ria Cabalquinto
   SLA: 1 BD upon approval

Antivirus Management Process
POLICY CONFIGURATION & MANAGEMENT REPORTING PHASE (PHASE 5)

Milestone: Management Reporting & Actions

5. Provide regular reports to management.
   Output: WORM
   - AV Compliance
   - Enterprise License Summary
   - AVS Incident Reporting Summary
   - Migration Status (if applicable)
   - Recommendations & Help Needed
   Accountable: DXC: M'Ria Cabalquinto
   SLA: Weekly

6. Create a report on major virus outbreaks detailing actions taken to resolve and prevent recurrence.
   Output: Incident Report (Outbreak)
   Accountable: DXC: AV Team
   SLA: Per incident

7. Validate reports and accomplish assigned IM action plan & timeline.
   Output: JFC-Based Actions (IM)
   Accountable: IM: S'Don Balolong (MO, Commy), S'Kiko Mendoza (Stores)
   SLA: Weekly

Antivirus Management Process – KRA/KPIs

Columns: KRA; Expected IM Duties; Threshold; IM Accountable (Infra, Stores); Vendor Report; IM Output

KRA: Antivirus Software License Acquisition/Renewal
Vendor Report: Enterprise License Summary via WORM

a. Determine the Antivirus Software License type and no. of seats that would meet organizational requirements.
   Threshold: SBE: <=500 endpoints; Enterprise: >500 endpoints
   IM Accountable (Infra): S'Don Balolong
   IM Output: Antivirus Software Acquisition Evaluation & Approval (basis for license type & no. of seats)

b. Ensure timely renewal of Antivirus Software Licenses. *for stores: create SHC for new stores.
   Threshold: Renewal: Every 3 years per license seat
   IM Accountable (Infra): S'Don Balolong
   IM Accountable (Stores): JB: E.Tablada, B.Guevara; CK & RR: R.Salvador; MI: A.Javier; BK: O.Manapat; GW: R.De Leon
   IM Output: Antivirus Software Renewal Report

KRA: Antivirus Software Client Distribution & Compliance

a. Validate AV Deployment Summary - Utilization and Management Console Compliance as presented by DXC in WORM.
   Threshold: Within Total Purchased Seats; 95% AV Compliance
   IM Accountable (Infra): S'Don Balolong
   IM Accountable (Stores): S'Kiko Mendoza, S'Edmond Tablada
   Vendor Report: AV Compliance Summary via WORM
   IM Output: AV Compliance Monthly Report (IM validated - Within Total Purchased Seats & meets 95% threshold)

Antivirus Management Process – KRA/KPIs

Columns: KRA; Expected IM Duties; Threshold; IM Accountable (Infra, Stores); DXC Report; IM Output

KRA: Antivirus Software Policy Configuration

a. Approve/reject policies requested by the JFC users to be added/deleted/revised on the Management Console Policies.
b. Ensure timely configuration of approved AV policies in the Management Console.
   IM Accountable (Infra): S'Don Balolong
   IM Accountable (Stores): S'Kiko Mendoza, S'Mike Perez
   DXC Report: Policies to be configured in the Console
   IM Output: Approved/rejected Policies Report

KRA: BAU

a. Accomplish assigned IM action plan & timeline based on vendor recommendations and help needed.
   IM Accountable (Infra): S'Don Balolong
   IM Accountable (Stores): S'Kiko Mendoza, S'Mike Perez
   DXC Report: Recommendations & Help Needed via WORM
   IM Output: JFC-Based Actions Report

KRA: Incident Management

a. Ensure timely AV incident resolution and problem mgmt reporting of Vendor.
   Threshold: P1-P4 SLA
   IM Accountable (Infra): S'Don Balolong
   IM Accountable (Stores): S'Kiko Mendoza
   Report: Incident Report