Chapter 4
Review questions 1,3,4,6,7,9,11,12,13 (Page 159-160)

1.	What is information security policy? Why it is critical to the success of the information security program. 
2.	List and describe the three challenges in shapping policy.
3.	List and describe the three guidelines for sound policy, as stared by Bergeron and Berube. 
4.	Are policies different from standards? In what way?
5.	Are policies different from procedures? In what way?
6.	Is policy considered static or dynamic? Which factors might determine this status?
7.	What is the purpose of an EISP?
8.	What is the purpose of an ISSP?
9.	What is the purpose of anSysSP?

Chapter 5----------Review questions 1,2,5,6,7,14,19,20-----------Page 207-208

1.	What is an information security program?
2.	What functions constitute a complete information security program?
3.	Where can an organization place the information security unit? Where should (and shouldn’t) it be placed?
4.	Into what four areas should the information security functions be divided?
5.	What are the five roles that an information security professional can assume?
6.	Describe the two overriding befits of awareness, training and education.
7.	Describe a sample seven-step methodology for implementing training.
8.	When developing an awareness program, what priorities whould you keep in mind?