
5. Research at least five security awareness solution providers. Sum-
marize their similarities and differences.
6. Why is it important for a company’s officers to be able to demon-
strate due care? How is due care related to negligence?
7. Beginning in 2003, the InfoSec exam became integrated within
Aetna’s Business Conduct and Integrity training program. What
are the advantages of doing this? What are the disadvantages?
8. Why is it considered good practice for an organization to have its
users officially sign off on its security policy?
9. What factors should be considered in the development of any infor-
mation security awareness program?
10. It is ...