Question 1: Why are processes necessary in security management? Explain how they add value to a security program. Give at least one example.
Question 2: What have privacy protection laws forced companies to do? Explain how companies like Facebook, Google, Yahoo, Amazon, etc. protect user's privacy. Do they also violate it?
Question 3: Explain the difference between risk management and risk analysis. How do they fit with IT security?