risk assessment strategy

 Given the following scenario, discuss in depth the risk assessment strategies and components that you would deploy in order to ensure that secure defenses and compliance attributes are embedded into the core of your network and information security deployment. Marketing company X has a need to keep their propriety methods of marketing strategies safe from other companies who may use their information to gain a competitive advantage. The company is choosing cloud storage as their safe haven for information, and has decided not to store any of their data locally. For speed purposes, the company has also chosen to not use two-factor authentication and has chosen basic password security authentication instead, allowing those with a need to know to access the information using a simple password. This was mandated by the CTO of the company in order to make things easy for the staff, who know very little about computer security, and complain about things taking too many steps to access. Discuss and describe how you would handle this situation, and perhaps make note of any recommended changes you would make as you deploy your risk assessment strategy to help the CTO understand the consequences and/or rewards for the decisions made thus far.