What are the main obstacles that keep organizations from having a well thought-out security policy? How can they be overcome?
What are good components of an organizational information security policy? What are some areas that you think should be addressed?
On an IT system development project, what team members are required to participate in requirements definition?