Describe top-down strategic planning. How does it differ from bottom-up strategic planning?
Which is usually more effective in implementing security in a large, diverse organization? How does the SecSDLC differ from the more general SDLC?
What is the primary objective of the SecSDLC? What are its major steps, and what are the major objectives of each step?