You are working as an IT security professional for an organization $($called Web Site $101)$ that has $300$ employees, one large corporate office with three floors. Your organization is a website development company with gross revenue of two million dollars per year.

Recently security problems have become a hot topic with management and you have been asked by the CISO $($chief information security officer$)$ to write a security recommendation paper for your organization. Security problems include:

Data loss due to employee negligence

Physical break ins

Employees complain they do not understand what is expected of them from a security standpoint

The network administrators complain the company allows free access to anything on the network for anyone who asks

Web Site $101$ home Web page was recently hacked

You are to write a paper making recommendations to help correct the security issues at Web Site $101.$ The paper should cover access control methods, physical access controls, risk assessment and environmental controls and other items you feel important to ensure future information security at Web Site $101.$

I need a reference to this.