Internal Security Directive (Firemen’s v. Sorenson (Marriott derivative))¶
Use this to issue a directive or mandate from leadership on security: required actions, deadlines, or standards; creates clear accountability and follow-up.
Purpose¶
This directive establishes mandatory internal actions and timelines required to address risks and obligations associated with Firemen’s v. Sorenson (Marriott derivative). It is intended to create clear operational expectations, ownership, and enforcement posture across relevant teams.
Hallucinated writing examples¶
Scenario: In an illustrative period during Delaware derivative litigation over Marriott-Starwood cyber oversight allegations (time), the Security Director (role) prepares a internal security directive (type) for leadership stakeholders (audience).
INTERNAL SECURITY DIRECTIVE
Context: This directive enforces mandatory integration control actions and governance reporting in response to oversight themes raised in derivative litigation regarding Marriott-Starwood cybersecurity governance.
Directive: Effective immediately, designated integration control gaps (identity, logging, segmentation) shall be remediated via approved plans with dated milestones. Board-facing KPI evidence must be produced on recurring cadence. Exceptions require CISO approval with compensating controls and revisit dates. Initial closure roadmap submission is due by September 30, 2021.
Accountability and Deadlines: Integration and technology owners are accountable for execution and evidence. Security governance tracks performance and exception aging. Monthly reporting is mandatory; unresolved critical variances escalate to executive governance and board oversight forums.
Document-type guide: Internal Security Directive
Writing tips: Writing best practices — Internal Security Directive