1. What is information security policy? Why it is critical to the success of the information security program.
2. List and describe the three challenges in shapping policy.
3. List and describe the three guidelines for sound policy, as stared by Bergeron and Berube.
4. Are policies different from standards? In what way?
5. Are policies different from procedures? In what way?
6. Is policy considered static or dynamic? Which factors might determine this status?
7. What is the purpose of an EISP?
8. What is the purpose of an ISSP?
9. What is the purpose of anSysSP?