CKD is a virtual reality application maker that specializes in the advanced VR technologies that are often used by government agencies as training simulators and by gamers who seek cutting edge gaming technology. When it comes to advances in application technology, no one beats CKD. CKD's business strategy focuses on forward thinking research and development (R&D) and very high end VR systems. They have built a niche market catering to those in want of advanced VR capabilities. As such, their rivals (both foreign and domestic) would love to get their hand on CKD's research data and design specifications. That threat is only second to CKD having its production line shut down. CKD isa small start-up company with about 100 employees selling high end products. They have no inventory and must keep up with government contracts not to mention gaming customer demand. If their production line goes down for any length of time, they are out of business Because CKD relies heavily on its information and information systems, having a solid information security program is imperative. Loss of R&D data would wipe them out. However, because CKD is a start-up funds for information security are limited and the accounting officer keeps a tight hold on spending, and because production cannot be interrupted the operations officer doesn't want anything fowling up product output even if it is essential to information security. Major decisions at CKD are made by the executive council (EC) which consist of the Chief Executive Officer (CEO), Chief Operations Officer (COO), Chief Financial Officer (CFO), Chief Legal Officer (CLO) and Chief Information Officer (CIO). You have been hired to file the role of Chief Information Security Officer (CISO In that capacity you and your staff of six are responsible for developing cyber security policies, securing the CDKs information infrastructure and performing IT audits for security and compliance