1. What is the purpose of defining a framework for IT security policies?
2. What are the differences between flat and hierarchical organizations?
3. How do you overcome employee apathy toward policy compliance?
4. What are the major components of an information systems security policy?