1. How does the use of risk analysis facilitate the development and implementation of an information security policy together with its accompanying standards, guidelines, and procedures?
2. Why do we have to have the need for maintaining as well as the timeliness of a security policy?
3. Why do we need to periodically review the policy and keep it updated?