Read the Closing Case at the end of Chapter 4 just before the End Notes in the Management of Information Security Book. Answer the two initial Discussion Questions.
Discussion Questions
1. If the Enterprise Policy Review Committee is not open to the approach that Mike and Iris want to use for structuring lnfoSec policies into three tiers, how should Mike and Iris proceed?
2. Should the CISO (Iris) be assessing HR policies? Why or why not?
Second under Ethical Decision Making, answer the following:
