1) You are in charge of IT assets for a company. You are attending a meeting with your management to address questions and concerns around security for the organization. You are the featured presenter at the meeting. The meeting starts in a somewhat unstructured fashion and you are presented with the following questions.
a) We have never had an attack. Why are you so concerned now?
[Your answer goes here.]
b) How would we determine what assets we have, what needs to be protected, and how to protect them?
[Your answer goes here.]
c) I have heard we need a written security policy. Why would we need a written policy? How often would we need to revise it? Who in the organization would need to be involved in this process?
[Your answer goes here.]
d) What is the difference between an insider attack and an outsider attack?
[Your answer goes here.]
o What is this defense in depth approach to security that we keep hearing about?
[Your answer goes here.]