Problem
Suppose you are conducting a security audit of systems in your organization. The company's workforce is divided into workgroups, and different information technology (IT) personnel have been assigned to each group. During the audit, you find that some workgroups have different security-related programs installed on their systems. For example, one group has a commercial antivirus product installed, but another uses a freeware program. How should such a situation be handled?