Identify information security requirements for organizations and systems.

Assignment 3 – Anti Virus on every OS?

Let’s revisit your role as Chief Information Security Officer (CISO) at a high-profile technology company! You’re tasked with identifying antivirus options for every operating system you have in your company. Most of your computers run Windows 10/11, but you have a few macOS computers in the network as well, and a number of servers that run Linux that every computer connects to for various purposes.

Explore the built-in options of each OS and describe how they work: Windows has Windows Defender; macOS has XProtect, its notarizer, etc.; and Linux generally has nothing built in. Are these sufficient for most companies? Do they provide sufficient capabilities for a business? Are they heuristic in nature, looking for odd behaviors? Or are they simply looking at signatures of known malware?

If you don’t think they are sufficient, what options do you have for each of the OSes to protect yourself from malware?

What will we do?

Write a document showing you have conducted research on the built-in anti-virus systems with some explanation as to how they work. These include:

  • Windows Defender
  • macOS XProtect and Notarizer (be sure to look up macOS XProtect, as the name is used elsewhere as well)
  • Linux…

Answer the questions outlined above and determine if those are sufficient for 1) your own computer or 2) a company. If they aren’t sufficient, what would you recommend?

Why are we doing this?

The role of a CISO is to protect the information systems and data within an organization. Malware is a persistent and evolving issue that can allow Advanced Persistent Threat (APT) actors to gain access to your systems for long periods of time, and can provide access vectors for standard hackers to gain access to sensitive data. Understanding some of the options that exist is important.

Learning Objectives

This assignment makes use of multiple course objectives:

  • Describe and explain information security threats, vulnerabilities, and attack types.
  • Identify information security requirements for organizations and systems.
  • Explain integral parts of best practices in information secure