Information Systems Governance

CYB/405 Version 1

Plan of Action and Milestones (POA&M) Worksheet

Your company recently reviewed the results of a penetration test on your network. Several vulnerabilities were identified, and the IT security management team has recommended mitigation. The manager has asked you to construct a Plan of Action and Milestones (POA&M) given that the following vulnerabilities and mitigations were identified:


  • The penetration test showed that not all systems had malware protection software in place. The mitigation was to write a malware defense process to include all employees and retest the system after the process was implemented.

  • The penetration test indicated that the data server that houses employee payroll records had an admin password of “admin.” The mitigation was to perform extensive hardening of the data server.

  • The penetration test also identified many laptop computers that employees brought to work and connected to the internal network, some of which were easily compromised. The mitigation was to write a Bring Your Own Device (BYOD) policy for all employees and train the employees in how to use their devices at work.

Description of Vulnerability | Severity Category | Mitigation | Scheduled Completion Date | Milestones
<Describe vulnerability> | <CAT I, most severe and requires action within 30 days; CAT II, severe and requires action within 90 days; CAT III, vulnerabilities that will require action based on program timeline that may include financial resources> | <As described by IT security management team> | <Best guess based on the complexity of the vulnerability> | <Identify specific requirements to correct the identified vulnerability. There are usually several of these>

Copyright © 2017 by University of Phoenix. All rights reserved.