What is an InfoSec program? What functions constitute a complete InfoSec program? What organizational variables can influence the size and composition of an InfoSec program's staff?
What is the typical size of the security staff in a small organization? A medium-sized organization? A large organization? A very large organization?