Assume that your class is the management team of a medium-sized business that sells goods to consumers online. You conduct a security assessment and identify that the information systems are vulnerable to information leakage, and that account and customer information can be stolen; in essence a breach of PII. What controls or safeguards would you recommend implementing to address this situation, how would you select a control based on effectiveness and cost, and, based on your selected control(s), what specific considerations would need to be factored into a high-level implementation mitigation plan and why?
