How Should a CISO Take Responsibility?

The Chief Information Security Officer is responsible for securing the company across many different areas. The CIA triad (confidentiality, integrity, and availability) is a good foundation for thinking about that job, and pairing it with NIST frameworks such as the Cybersecurity Framework gives concrete guidance on what to implement.

In my opinion, employee training is essential. All it takes is one employee clicking a phishing link to compromise the whole operation. Ensuring that every link in the chain is strong promotes good security, because a single weak link can undo the other, solid parts of the security program. However, no security control is 100% effective, and assuming otherwise is a big mistake. Security is not "set it and forget it": threats and the business keep changing, so the CISO has to stay informed and adjust accordingly.

Access controls should default to deny, with an explicit allow list (a "white list" approach), so that company information is limited to those with a need to know. New employees may not need to see certain data to do their job, and withholding it until there is a reason further promotes security. When an employee leaves the company, their accounts and access to information should be revoked promptly. Finally, changes should be recorded in an audit log that notes when the change happened, who made it, and exactly what was changed.
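The three access-control points above (default deny with an explicit allow list, revoking everything when someone leaves, and recording who changed what and when) can be shown together in a small registry. This is an added example written for this post, not code from the original; the users, resources, roles and the `AccessRegistry` API are constructed assumptions for illustration.

```python
"""Default-deny access control with an audit trail of every change.

Added example, not from the original post. Users, resources and roles
below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Set


@dataclass(frozen=True)
class AuditEvent:
    """One immutable record of a change: when, who, what, and before/after."""
    when: str
    actor: str
    action: str
    target: str
    before: str
    after: str


class AccessRegistry:
    """Tracks which active users are explicitly allowed to reach which resources.

    Anything not on the allow list is denied, so a new account starts with no
    access and an offboarded account loses all of it in a single step.
    """

    def __init__(self) -> None:
        self._grants: Dict[str, Set[str]] = {}   # user -> explicitly allowed resources
        self._active: Set[str] = set()            # users who may still authenticate
        self._audit: List[AuditEvent] = []        # append-only history of changes

    def _record(self, actor: str, action: str, target: str, before: str, after: str) -> None:
        stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
        self._audit.append(AuditEvent(stamp, actor, action, target, before, after))

    @staticmethod
    def _fmt(resources: Set[str]) -> str:
        return ",".join(sorted(resources)) or "<none>"

    def onboard(self, actor: str, user: str) -> None:
        if user in self._active:
            raise ValueError(f"{user} is already active")
        self._active.add(user)
        self._grants[user] = set()   # new hire: active, but nothing on the allow list yet
        self._record(actor, "onboard", user, "<inactive>", "active, no access")

    def grant(self, actor: str, user: str, resource: str, justification: str) -> None:
        if user not in self._active:
            raise PermissionError(f"cannot grant to inactive user {user}")
        before = self._fmt(self._grants[user])
        self._grants[user].add(resource)
        after = f"{self._fmt(self._grants[user])} ({justification})"
        self._record(actor, "grant", user, before, after)

    def revoke(self, actor: str, user: str, resource: str) -> None:
        current = self._grants.get(user, set())
        before = self._fmt(current)
        current.discard(resource)
        self._record(actor, "revoke", user, before, self._fmt(current))

    def offboard(self, actor: str, user: str) -> None:
        # Leaver: every grant disappears at once, and the log keeps what they had.
        before = self._fmt(self._grants.pop(user, set()))
        self._active.discard(user)
        self._record(actor, "offboard", user, before, "<inactive>")

    def can_access(self, user: str, resource: str) -> bool:
        # Default deny: unknown users, offboarded users and unlisted resources all fail.
        return user in self._active and resource in self._grants.get(user, set())

    def audit_trail(self) -> List[AuditEvent]:
        return list(self._audit)   # a copy, so callers cannot rewrite history


def demo() -> AccessRegistry:
    """Walk a constructed employee lifecycle through the registry."""
    reg = AccessRegistry()
    reg.onboard("it-admin", "alice")
    reg.grant("it-admin", "alice", "ticketing", "helpdesk role")
    reg.grant("it-admin", "alice", "vpn", "remote work")
    reg.revoke("it-admin", "alice", "vpn")
    reg.offboard("hr-system", "alice")
    return reg


if __name__ == "__main__":
    for e in demo().audit_trail():
        print(f"{e.when} {e.actor:10} {e.action:8} {e.target}: {e.before} -> {e.after}")
```

The only way to get a `True` out of `can_access` is an explicit, justified grant to an active user, which is what "default to deny" means in practice; offboarding removes every grant in one call rather than relying on someone remembering each system, and every change lands in the audit trail with actor, timestamp and before/after state.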
