You have just been hired as an Information Security Engineer for a large, multi-international corporation.
Unfortunately, your company has suffered multiple security breaches that have threatened customers' trust in the fact that their confidential data and financial assets are private and secured.
Credit-card information was compromised by an attack that infiltrated the network through a vulnerable wireless connection within the organization.
The other breach was an inside job where personal data was stolen because of weak access-control policies within the organization that allowed an unauthorized individual access to valuable data.
Your job is to develop a risk-management policy that addresses the two security breaches and how to mitigate these risks.