I would like some guidance and assistance with the following questions.
Problem 1: Information Security is an expensive and difficult undertaking at best. Where would a CIO draw the line on what is sufficient and what steps should be taken to determine where that line is?
Problem 2: Of the several of the types of security threats to IT what measures can be taken as a CIO to eliminate or reduce them.
Problem 3: Access controls are good things and should be secure, but programmers continually add "backdoor access" to their programs. Is a good or a bad practice?
Problem 4: The government is continually making new laws regarding security controls. Is this a good or bad practice?