
Question


We have to do task 5 based on deliverable point full description

Description: SALT, or Smart And Living Technologies, is a medium-sized software development firm based in Nepal. It was founded in 2004 and operates from two locations, with offices in both sites. The company uses a third-party data center to host its information systems, which represents the entirety of its IT infrastructure. SALT serves small to medium-sized businesses worldwide, providing software solutions and consulting services. Most of the department heads have been with the company since its inception, with the exception of the recently appointed Chief Information Security Officer (CISO). This lack of formal documentation is likely due to the department heads' knowledge of the company's business processes. Naresh Bangdel is the CEO of SALT, a software development company he founded in partnership with his friend Arushi, who is now an investor but has minimal involvement in the business operations. Despite being an engineer, Naresh lacks knowledge of modern technical IT security. Prior to recent events, the company had not experienced any significant IT security issues. However, in a span of three days, the company's website was vandalized, their email system was infected with a severe virus, and a large amount of data was destroyed as a result of a series of attacks. Naresh has a broad range of concerns regarding the management of IT security risks. He needs to investigate if the hackers who targeted the company are likely to strike again. Based on the recent attacks, he suspects that the hackers may have been seeking to steal proprietary information for personal or financial gain or to harm the company's reputation. Additionally, there is evidence that a past disgruntled employee may be planning to seek revenge against the company. 
Internal Audit Report:

General:
- Improper operating procedures by employees
- Insufficient security awareness and negligence
- No acceptance of security responsibilities
- Inadequate standard operating procedures
- Unattended machines
- Neglect of media
- Printing of sensitive materials
- Failure to shut down computers at the end of the workday
- Failure to back up information

Hardware problems:
- Inadequate security measures for hardware (such as unsecured laptops)
- Damage caused by physical environment

Software concerns:
- Low quality, untested software
- No audit logs
- Inadequate access control
- Insufficient identification and authentication techniques
- Limited antivirus software
- Lack of restrictions on specific files during operation
- Insufficient security awareness and negligence

Task 5: List down any 4 key weaknesses/vulnerabilities you found during your external audit:

Deliverable:
- Introduction to Vulnerability
- Clause of the law and standard which you have taken into consideration that supports this statement
- Detail Description of vulnerability (risk involved current and future)
- Propose your recommendation to the CEO and Management team
- Record the response which also includes the completion date from the CEO and Management Team
- Appendix I for each weakness (Add any supporting evidences)
- Appendix II (contract, others)
- Conclusion
