Policy

1- You are the Information Security Director for a medium sized company. You recently experienced a ransom-ware attack that cost the company $500,000.00. After the attack your CEO held a meeting and informed you and the other IT professionals that it “WILL” not happen again. Write a Directive to the employees of the company summarizing the requirement for all personnel to adopt the new 2-factor authentication for IT equipment access. Include a 30-day timeline to adopt, and the consequences of not adhering to the new policy.