1. Given the IT Security environment at your given school, provide an example of each type of control (physical, administrative, technical). Give a short reason why that control fits in that group.

2. Considering IT Security at your given school, give an example of an Individual and a Shareholder (within the context of a security policy). Is it possible that a person maybe both?

3. In the 7 Domains of IT Infrastructure, which do you think is hardest to write a policy for? Which is the easiest (likely the most controlled). Please describe why to each

4. When implementing new IT Security policies what are 2 ways to overcome employee apathy? How would you know you were successful in overcoming it?