5.06.03 Non Compliance Response

I. Purpose

This procedure documents Bradley University’s method and means of responding to a malware threat.

Policy Supported

This procedure is in support of Malware Protection (5.06).

II. Description

Computer and network activity resulting from malware is costly to the institution in a number of ways. Data loss, system corruption, and the cost of human and financial resources required to restore system and network integrity are detrimental to the institution. There is no one product which will secure and protect the campus systems and network. Reasonable efforts must be made by individuals, departments, and technology support units to provide system and network protection from destructive programs and other security encroachments.

Advice and Assistance

Information Technology will provide protection assistance by assisting individuals with recovery from malware. This includes advice on containment to stop the spread, help with removing malware, and advice on how to prevent a recurrence.

Noncompliance

Computer users not complying with this computer security procedure leave themselves and others at risk of infections which could result in:

• Damaged or lost files
• Inoperable computer resulting in loss of productivity
• Risk of spread of infection to others
• Confidential data being revealed to unauthorized persons

An individual's non-compliant computer can have significant, adverse affects on other individuals, groups, or the University itself. It is critical for the protection of all individuals using the campus network that each computer be adequately protected against virus activity. Non-compliance with this policy by use of a computer on the campus network which is not adequately protected against virus infection may result in a variety of negative outcomes outlined below.

University-owned computers (purchased through Campus Computer Sales and supported by IT)

Virus activity is generally initially suspected when a great deal of traffic is identified by network administration software coming from a particular IP address (in use by a particular individual) on the network. When this occurs, the following steps are taken:

• Network access by that computer will be restricted.
• A trouble ticket will be opened by the Service Desk, the University employee responsible for the infected computer will be contacted. (If the responsible party cannot be identified, the restriction will remain in place until someone contacts the HelpDesk about the computer.)
• A time will be arranged for the infected computer to be scanned and cleaned. If files appear to be damaged or missing, file recovery will be attempted.
• The IT staff person will ensure that antivirus software is installed and updating daily on the computer before the ticket is closed.

Student-owned computers

As with university-owned computers, virus activity on student computers is generally identified when a great deal of traffic is coming from a particular IP address (in use by a particular individual) on the network. The following steps are taken when this occurs:

• Network administrators will restrict the user's access to the network and notify the HelpDesk of the restriction. The HelpDesk will call the student to whom the computer is registered to inform them of the restriction.
• The student must bring their laptop or CPU to the HelpDesk for assistance in scanning and cleaning the malware from the system.
• The student must demonstrate that antivirus software is installed and set to update daily before network access is restored.
• A fee of $25 will be charged for an initial violation. A fee of $50 will be charged if there is a subsequent violation by the same student. If non-compliance with the policy continues, the student may be referred to the residential life and student judicial services office.

III. Scope

Some systems are on the campus network which do not fall under the categories of University or student owned. As stated earlier, all systems connected to the Bradley University network, whether wired or wireless, must have current virus protection software installed and running.