Business Policies - Computer Virus Policy

<< Back to Homepage

TO: All Members of the University Community 99:07
DATE: May 1999

(Supersedes 97:31)


    The purpose of this policy statement is to identify the possible points of entry by a virus and to determine the appropriate defense. The University must be prepared to deal with this threat at all levels of computing activity. Areas to be considered are the Enterprise Server, and all personal computers.


    Enterprise Server

    The University's IBM Enterprise Server is well protected from unauthorized access. Access to the MVS System is RACF protected. RACF provides:

    1. Three invalid password attempts will revoke the user ID and record them in the Audit File. The user ID will not be available again until reinstatement by the RACF Administrator.
    2. All data files are RACF protected and can only be accessed by an authorized user.
    3. FRS, HRS, and SIS are protected by RACF and their own internal security system.


    Personal Computers

    Personal computers are particularly vulnerable to attack due to the variety of software and external network interfaces available. In order to reduce the risk of introducing viruses to Ferris State University computers, all new software must be checked before it is loaded to a machine. Ferris State University has purchased several copies of anti-viral vaccine software for this purpose. The LAN Administrator will perform the software check, or direct the requester to the most convenient location that vaccine software is available.

    In order to prevent viruses from being introduced from external network sources (i.e., public bulletin boards), downloading software to unprotected Ferris State University machines is prohibited. It is the responsibility of the Computer Consortium Resource Managers (CCRM) to provide virus protection to PC's and servers in their consortia. Contact your LAN Administrator for assistance before proceeding. A notice warning Ferris State University students and staff about the risk of computer viruses will be published quarterly.

    Student computer labs are another potential virus source of entry to Ferris State University equipment. The CCRM's are responsible for developing and implementing virus protection measures appropriate for each lab. At a minimum, the following procedures will be implemented wherever applicable:

    1. No "write" access to the file server allowed for network users.
    2. Boot disks must be write-protected, if possible.
    3. New boot disks are to be created each semester or more frequently, if deemed necessary to assure disk integrity.
    4. Machines are to be turned off at the end of each day.

Richard Duffett, Vice President
Administration and Finance

Contact: Information Systems & Telecommunications