Protecting Availability


Being the CISO for a publicly traded company is a lot of responsibility. In this job, I am to protect critical data and create privacy policies that secure my company’s information overall.

For starters, I will make sure employees of my company follow authentication and authorization procedures when entering or logging into company technology and accounts. Limiting employee access to data will help ensure that only a handful of people have full access to and control of our system’s data. Next, employees will be required to follow password security policies. Under this policy, they are limited in the words they can use (no dictionary words are allowed), and passwords must be 12 letters long and use numbers or special characters (*, !, @, $). Having a difficult password prevents hackers from using special equipment that generates hundreds of words in seconds. Alongside the password requirements, Multi-Factor Authentication (MFA) will be required for extra security.
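A sketch of how the password rules above could be checked when an employee sets a password. This is an added example, not part of the original post; the small word list, the "at least 12 characters" reading of the length rule, and the substitution table are assumptions.

```python
# Constructed sample word list; a real deployment would load a full
# dictionary or breached-password list (assumption).
SAMPLE_DICTIONARY = {"password", "company", "welcome", "dragon", "summer", "secret"}

MIN_LENGTH = 12                # length rule, read as "at least 12" (assumption)
SPECIAL_CHARS = set("*!@$")    # the symbols listed in the policy above
MIN_WORD_LEN = 4               # skip very short dictionary entries (assumption)

# Common look-alike substitutions, undone before the dictionary check so
# that "P@ssw0rd" is still recognised as "password" (assumption).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def dictionary_hits(password, dictionary=SAMPLE_DICTIONARY):
    """Return dictionary words found inside the password, sorted."""
    lowered = password.lower()
    candidates = {lowered, lowered.translate(LEET)}
    return sorted(
        word for word in dictionary
        if len(word) >= MIN_WORD_LEN and any(word in c for c in candidates)
    )


def check_password(password, dictionary=SAMPLE_DICTIONARY):
    """Return a list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if not any(ch.isdigit() or ch in SPECIAL_CHARS for ch in password):
        problems.append("no number or special character")
    hits = dictionary_hits(password, dictionary)
    if hits:
        problems.append("contains dictionary word(s): " + ", ".join(hits))
    return problems


if __name__ == "__main__":
    # Constructed sample passwords.
    for candidate in ["P@ssw0rd2024!", "short1!", "qzxvkwpmtrhgbn", "xq7$Vn2!kLw9@Zr"]:
        print(candidate, "->", check_password(candidate) or "OK")
```

The first sample meets the length and character rules but still fails, because undoing the substitutions exposes a dictionary word.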

Employees will be limited in where they can access company information. Our accounts will not allow them to use their own computers or access accounts at home. Access to their accounts will only be available in the company area. Having this restriction makes sure that hackers are not targeting us from their homes. Limiting the access location will make sure our company knows which computer is trying to log in and where in the building it is. Any attempts by outsiders will be blocked.

Lastly, having protection plans for our technology is important. Many of the latest Microsoft Word versions come with free software security features. As a company with a lot to lose, we need to invest in these plans without, of course, losing a lot of company money.
