1. Who should pay for the expenses of certification? Why?
2. List and describe the standard personnel practices that are part of the information security function. What happens to these practices when they are integrated with information security concepts?