1. Can you provide real world examples of ransomware policies? What recommendations can you offer companies to develop an effective policy? [ZEESHAN KAZMI] Have a very solid backup policy and make it part of your BC requirements right after life safety and communications. Do not recommend paying ransom, being affected by ransom is a symptom of poor EPP (end point protection) and data protection. [Mark Eggleston] I do not recommend a specific policy for this scenario. I do recommend following containment steps prescribed in a more generic malware response or CSIRT policy. Effective policy statements should include an executive decision…