1. What is an information security program?
2. What functions constitute a complete information security program?
3. Where can an organization place the information security unit? Where should (and shouldn't) it be placed?
4. Into what four areas should the information security functions be divided?
5. What are the five roles that an information security professional can assume?
6. Describe the two overriding befits of awareness, training and education.
7. Describe a sample seven-step methodology for implementing training.
8. When developing an awareness program, what priorities whould you keep in mind?