1) Search your institution’s intranet or Web site for its security policies. Do you find an enterprise security policy? What issue-specific security policies can you locate? Are all of these policies issued or coordinated by the same individual or office, or are they scattered throughout the institution?
2) Using the framework presented in this chapter, draft a sample issue-specific security policy for an organization. At the beginning of your document, describe the organization for which you are creating the policy and then complete the policy using the framework.
3) Assume a smaller organization has a plan to implement a security program with three full-time staff and two or three groups of part-time roles from other parts of the business. What titles and roles do you recommend for the three full-time staff? What groups would commonly supply the part-time staff?
4) Draft a work breakdown structure for the task of implementing and using a PC-based virus detection program (one that is not centrally managed). Don’t forget to include tasks to remove or quarantine any malware it finds