In 300- to 400-words, explain why security professionals must be aware of the requirements for protecting personal identification information (PII) that may be stored on organizational information systems.
Also, describe phishing and how it can be used to compromise the identity information of customers and employees.
Finally, briefly describe how to identify a phishing scam based on Ch. 3 of Fundamentals of information systems security.