CagaG IT421


Name: Gerson A. Caga
Week: 6
IT-421
BSIT-BA
Instructor: Dennis Rham S. Manceras

1. Create your own sample company and discuss your primary procedure on
assessing and protection methods you used.

DREAM COMPANY

● Provide for appropriate staff security training.
● Monitor user activity to assess security implementation.
● INTERVIEW
● DATA GATHERING

2. Why are Security audits necessary?

Security audits will help protect critical data, identify security loopholes, create new
security policies and track the effectiveness of security strategies. Regular audits can
help ensure employees stick to security practices and can catch new vulnerabilities.

Laboratory Challenge

● Look for contents for your research work.

Malware, also known as "malicious software," can be classified several ways in
order to distinguish the unique types of malware from each other. Distinguishing and
classifying different types of malware from each other is important to better
understand how they can infect computers and devices, the threat level they pose
and how to protect against them.

Kaspersky Lab classifies the entire range of malicious software or potentially
unwanted objects that are detected by Kaspersky’s antivirus engine – classifying the
malware items according to their activity on users’ computers. The classification system
used by Kaspersky is also used by a number of other antivirus vendors as the basis for
their classifications.

The malware "classification tree"

Kaspersky’s classification system gives each detected object a clear description and a
specific location in the ‘classification tree’ shown below. In the ‘classification tree’
diagram:

● The types of behavior that pose the least threat are shown in the lower area of
the diagram.
● The types of behavior that pose a greater threat are displayed in the upper part
of the diagram.

Malware types with multiple functions

Individual malware programs often include several malicious functions and
propagation routines – and, without some additional classification rules, this could lead
to confusion.

For example, a specific malicious program may be capable of being spread via
an email attachment and also as files via P2P networks. The program may also have
the ability to harvest email addresses from an infected computer, without the consent of
the user. With this range of functions, the program could be correctly classified as an
Email-Worm, a P2P-Worm or a Trojan-Mailfinder. To avoid this confusion, Kaspersky
applies a set of rules that can unambiguously categorize a malicious program as having
a particular behavior, regardless of the program functions:

● The ‘classification tree’ shows that each behavior has been assigned its own
threat level.
● In the ‘classification tree’ the behaviors that pose a higher risk outrank those
behaviors that represent a lower risk.
● So, in our example, the Email-Worm behavior represents a higher level of
threat than either the P2P-Worm or Trojan-Mailfinder behavior – and thus, our
example malicious program would be classified as an Email-Worm.

Multiple functions with equal threat levels

● If a malicious program has two or more functions that all have equal threat levels
– such as Trojan-Ransom, Trojan-ArcBomb, Trojan-Clicker, Trojan-DDoS,
Trojan-Downloader, Trojan-Dropper, Trojan-IM, Trojan-Notifier, Trojan-Proxy,
Trojan-SMS, Trojan-Spy, Trojan-Mailfinder, Trojan-GameThief, Trojan-PSW or
Trojan-Banker – the program is classified as a Trojan.
● If a malicious program has two or more functions with equal threat levels – such
as IM-Worm, P2P-Worm or IRC-Worm – the program is classified as a Worm.
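
The two rules above (the highest-threat behavior names the sample; a tie inside one group falls back to the group name) can be written as a small resolver. This is an added example, not Kaspersky's code: the numeric levels and the function name `classify` are assumptions, and only the relative order stated in the text (Email-Worm above P2P-Worm and Trojan-Mailfinder, equal levels inside each listed group) is taken from the page.

```python
# Behaviors the text lists as having equal threat levels.
WORM_TIE = frozenset({"IM-Worm", "P2P-Worm", "IRC-Worm"})
TROJAN_TIE = frozenset({
    "Trojan-Ransom", "Trojan-ArcBomb", "Trojan-Clicker", "Trojan-DDoS",
    "Trojan-Downloader", "Trojan-Dropper", "Trojan-IM", "Trojan-Notifier",
    "Trojan-Proxy", "Trojan-SMS", "Trojan-Spy", "Trojan-Mailfinder",
    "Trojan-GameThief", "Trojan-PSW", "Trojan-Banker",
})

# Assumed numeric levels (higher = greater threat). Placing the worm group
# above the Trojan group is an assumption of this sketch.
THREAT_LEVEL = {"Email-Worm": 3}
THREAT_LEVEL.update({b: 2 for b in WORM_TIE})
THREAT_LEVEL.update({b: 1 for b in TROJAN_TIE})

# Name used when several behaviors of one group tie for the top level.
TIE_VERDICT = ((WORM_TIE, "Worm"), (TROJAN_TIE, "Trojan"))


def classify(behaviors):
    """Return the single name a sample with these behaviors receives."""
    observed = set(behaviors)
    if not observed:
        raise ValueError("no behaviors observed")
    unknown = observed.difference(THREAT_LEVEL)
    if unknown:
        raise ValueError(f"behavior not in table: {sorted(unknown)}")

    # Rule 1: behaviors with a higher threat level outrank lower ones.
    top_level = max(THREAT_LEVEL[b] for b in observed)
    top = {b for b in observed if THREAT_LEVEL[b] == top_level}
    if len(top) == 1:
        return next(iter(top))

    # Rule 2: several top behaviors of equal level collapse to the group name.
    for group, verdict in TIE_VERDICT:
        if top <= group:
            return verdict
    raise ValueError(f"no tie rule covers {sorted(top)}")


if __name__ == "__main__":
    # Constructed behavior sets, including the example from the text.
    for sample in (
        {"Email-Worm", "P2P-Worm", "Trojan-Mailfinder"},
        {"Trojan-Spy", "Trojan-PSW", "Trojan-Banker"},
        {"IM-Worm", "IRC-Worm"},
    ):
        print(sorted(sample), "->", classify(sample))
```
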
