As the CISO, I would first implement two-factor authentication. The company would need this because it is important to have another way of identification of employees and others, incase they don’t remember their passwords or other identification methods. Next, the company would need an incident report team so that if something occurs, it can be easily reported to the police. Lastly, encryption could work for the company, so that their is more privacy for sensitive information and anything related to the company. All of these strategies would ensure that the systems are only available to those who are authorized to access the information.