When considering risk analysis$/$risk of failure, particularly with regard to passwords, the slightest of breaches, whether intentional, accidental, malicious, or naive, could very easily turn into a huge, time$-$consuming, and very costly situation. Quite simply, when an individual who does not have proper authorization to view information does so by using a password other than his$/$her own, it may lead to improper modifications, disclosures, or deletions. This could apply to email, databases, personal data, and$/$or confidential reports. Mistakes or mishaps as such could shut down the whole operation, in essence costing the company unforeseen and unwelcome expenditures. Your objective is to write a short policy for use at a mythical company with $100$ employees and five IT staff, two of whom are involved in security. You must figure out the risk of the policy failing and what it will cost to implement. $($Hint: when implementing a policy like this, remember you will have to educate the staff and enforce the policy$).$

While creating a password policy we must first consider and plan according to several preliminaries and the bottom line of the business model, inter alia, financially feasible etc. Small and relatively inexpensive, these multifunctional devices can be used for most of our computational communication needs, including voice calls, text messages, email, internet, video conferencing, and more. A significant amount of sensitive data may be stored and$/$or accessed via these devices. It is crucial that we have a solid policy regarding the use of such and it is important that we stress the password policy as being paramount in our efforts to secure our organizations dealings.

Feel free to add characteristics to the company, if necessary, but again, consensus is required. Don't complicate the model without a good reason.

The three parts:

$$ Preparation of the Policy

$$ Risk of Failure

$$ Cost to Implement