1. Explain the important differences between application security engineering and infrastructure security engineering.
2. For the MHC-PMS, suggest an example of an asset, exposure, vulnerability, attack, threat, and control.
3. Explain why there is a need for risk assessment to be a continuing process from the early stages of requirements engineering through to the operational use of a system.