Write a 200 – 300 word response for each question.
- Consider the process of policy development and enforcement across an enterprise. How often should you perform risk analysis?
- How can you provide a safe environment without making it too burdensome for users to complete their work?
- What are the responsibilities of a chief information security officer? Where and how does the person occupying this position fit into a large enterprise?
- Why is information security a management problem? What can management do that technology cannot?