CagaG IT421
1. Create your own sample company and discuss your primary procedure for
assessment and the protection methods you used.
DREAM COMPANY
Security audits will help protect critical data, identify security loopholes, create new
security policies and track the effectiveness of security strategies. Regular audits can
help ensure employees stick to security practices and can catch new vulnerabilities.
Laboratory Challenge
Kaspersky’s classification system gives each detected object a clear description and a
specific location in the ‘classification tree’ shown below. In the ‘classification tree’
diagram:
● The types of behavior that pose the least threat are shown in the lower area of
the diagram.
● The types of behavior that pose a greater threat are displayed in the upper part
of the diagram.
For example, a specific malicious program may be capable of spreading via
an email attachment and also as files via P2P networks. The program may also have
the ability to harvest email addresses from an infected computer, without the consent of
the user. With this range of functions, the program could be correctly classified as an
Email-Worm, a P2P-Worm or a Trojan-Mailfinder. To avoid this confusion, Kaspersky
applies a set of rules that can unambiguously categorize a malicious program as having
a particular behavior, regardless of the program's functions:
● The ‘classification tree’ shows that each behavior has been assigned its own
threat level.
● In the ‘classification tree’ the behaviors that pose a higher risk outrank those
behaviors that represent a lower risk.
● So, in our example, the Email-Worm behavior represents a higher level of
threat than either the P2P-Worm or Trojan-Mailfinder behavior, and thus our
example malicious program would be classified as an Email-Worm.
● If a malicious program has two or more functions that all have equal threat levels
– such as Trojan-Ransom, Trojan-ArcBomb, Trojan-Clicker, Trojan-DDoS,
Trojan-Downloader, Trojan-Dropper, Trojan-IM, Trojan-Notifier, Trojan-Proxy,
Trojan-SMS, Trojan-Spy, Trojan-Mailfinder, Trojan-GameThief, Trojan-PSW or
Trojan-Banker – the program is classified as a Trojan.
● If a malicious program has two or more functions with equal threat levels – such
as IM-Worm, P2P-Worm or IRC-Worm – the program is classified as a Worm.
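
The precedence rules above can be written as a small resolver. This is an added example, not code from the original document or from Kaspersky. The numeric ranks are assumptions chosen only to reproduce the orderings the text states, and placing the worm tier above the Trojan tier is likewise assumed.

```python
# Added illustration. The numeric ranks below are ASSUMED, not Kaspersky's values.
# Relations taken from the text: Email-Worm outranks P2P-Worm and
# Trojan-Mailfinder; the listed Trojan-* behaviors tie; IM/P2P/IRC-Worm tie.
TROJAN_TIER = {
    "Trojan-Ransom", "Trojan-ArcBomb", "Trojan-Clicker", "Trojan-DDoS",
    "Trojan-Downloader", "Trojan-Dropper", "Trojan-IM", "Trojan-Notifier",
    "Trojan-Proxy", "Trojan-SMS", "Trojan-Spy", "Trojan-Mailfinder",
    "Trojan-GameThief", "Trojan-PSW", "Trojan-Banker",
}
WORM_TIER = {"IM-Worm", "P2P-Worm", "IRC-Worm"}

RANK = {"Email-Worm": 3}                  # highest rank in this sample
RANK.update({b: 2 for b in WORM_TIER})    # assumed to sit above the Trojan tier
RANK.update({b: 1 for b in TROJAN_TIER})


def classify(behaviors):
    """Return one classification name for a set of observed behaviors."""
    observed = set(behaviors)
    if not observed:
        raise ValueError("no behaviors observed")
    unknown = observed - RANK.keys()
    if unknown:
        # Refuse to guess a threat level for a behavior that has no rank.
        raise ValueError(f"unranked behaviors: {sorted(unknown)}")

    # Rule: the behavior with the higher threat level outranks the others.
    top = max(RANK[b] for b in observed)
    winners = {b for b in observed if RANK[b] == top}
    if len(winners) == 1:
        return next(iter(winners))

    # Rule: several equal-level behaviors collapse to the generic family name.
    if winners <= TROJAN_TIER:
        return "Trojan"
    if winners <= WORM_TIER:
        return "Worm"
    raise ValueError(f"no tie-break rule for {sorted(winners)}")


if __name__ == "__main__":
    # Constructed sample: the program described in the text.
    print(classify(["Email-Worm", "P2P-Worm", "Trojan-Mailfinder"]))
    print(classify(["Trojan-Spy", "Trojan-PSW"]))
    print(classify(["IM-Worm", "IRC-Worm"]))
```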