1. What was important about Rand Report R-609?
2. Who decides how and when data in an organization will be used or controlled? Who is responsible for seeing that these wishes are carried out?
3. Who should lead a security team? Should the approach to security be more managerial or technical?