Your company recently reviewed the results of a penetration test on your network. Several vulnerabilities were identified, and the IT security management team has recommended mitigation. The manager has asked you to construct a plan of action and milestones (POA&M) given that the following vulnerabilities and mitigations were identified:
- The penetration test showed that not all systems had malware protection software in place. The mitigation was to write a malware defense process to include all employees and retest the system after the process was implemented.
- The penetration test indicated that the data server that houses employee payroll records had an admin password of “admin.” The mitigation was to perform extensive hardening of the data server.
- The penetration test also identified many laptop computers that employees brought to work and connected to the internal network,some of which were easily compromised. The mitigation was to write a bring your own device (BYOD) policy for all employees and train the employees how to use their devices at work.
Complete the 1- to 2-page Plan of Action and Milestones Template. (Must use this template!)