You are the CISO of your company. Your primary responsibility is assessment, management, and implementation of InfoSec in your organization. Your organization has set up new servers to hold the personally identifiable information (PII) of the clients in your company. The CIO of your organization is advising you for strategic security assessment, management, and implementation using the CNSS security model.
I have uploaded some documents with respect to InfoSec procedures, policies, and guidelines. Consider the definition of Information Security with respect to the CNSS security model. Focus on C.I.A triad. What technologies and InfoSec procedures you would choose, and how would you consider management and implementation of security measures with respect to InfoSec? This is in relation to Storage, Processing, and Transmission considering incorporation of Policies, Education, and Technologies.