Describe and explain information security threats, vulnerabilities, and attack types.

Assignment #3 – Anti-Virus on every OS?
Let’s revisit your role as Chief Information Security Officer (CISO) at a high profile technology
company! You’re tasked with identifying Anti-virus options for every operating system you have in
your company. Most of your computers run Windows 10/11, but you have a few MacOS computers in
network as well. And a number of servers that run Linux that every computer connects to for various
purposes.
Explore the built in options to each of the OS and describe how they work – Windows defender; Mac
has Xprotect, their notarizer, etc; And linux generally has nothing built in. Are these sufficient for most
companies? Do they provide sufficient capabilities for a business? Are they heuristic in nature, do
they look for odd behaviors? Or are they simply looking at signatures of known Malware?
If you don’t think they are sufficient, what options do you have for each of the OSes to protect yourself
from Malware?
What will we do?
Write a document showing you have conducted research on the built-in anti-virus systems with some
explanation as to how they work. These include:
• Windows Defender
• MacOS XProtect and Notarizer (Be sure to look up MacOS XProtect as the name is used
elsewhere as well)
• Linux…
Answer the questions outlined above and determine if those are sufficient for 1) your own computer or
2) a company. If they aren’t sufficient, what would you recommend?
Why are we doing this?
The role of a CISO is meant to protect the information systems and data within an organization.
Malware is a persistent and evolving issue that can provide Advanced Persistent Threat (APT) actors to
gain access to your systems for long periods of time. And provide access vectors for standard hackers
to gain access to sensitive data. Understanding some of the options that exist are important.
Learning Objectives
This assignment makes use of multiple course objectives
• Describe and explain information security threats, vulnerabilities, and attack types.
• Identify information security requirements for organizations and systems.
• Explain Integral parts of best practices in information secure