Write a professional memo to your management indicating why you believe the business needs to have a
password policy. Define what the policy should be with respect to the password and justify why you believe the
policy should be that. What are you protecting the business from and how does your recommendation do that?
Your memo should open with specific, compelling reasons why the organization should implement your policy
recommendations. What benefits will be gained? What problems will be solved or alleviated? End with a strong
conclusion. Speak in a language that a manager understands, and make sure you appeal to management
priorities.
Recommendations should be reasonably specific and justified; tell the reader, in top-level terms what actions to
take and why (i.e. “Enable the jatzenframing module on all Linux servers. This will prevent kibabble data
leakage through covert channels”). Your recommendations should stick to policies, and not the series of
mouse-clicks to turn those policies on or off.