1. A security program should address issues from a strategic, tactical, and operational view. The security program should be integrated at every level of the enterprise's architecture. List a security program in each level and provide a list of security activities or controls applied in these levels. Support your list with real world application data.
2. The objectives of security are to provide availability, integrity, and confidentiality protection to data and resources. List examples of these security states where an asset could lose these security states when attacked, compromised, or became vulnerable. Your examples could include fictitious assets that have undergone some changes.
3. Risk assessment can be completed in a qualitative or quantitative manner. Explain each risk assessment methodology and provide an example of each.