Explanation should include the difference between a plan, a policy, and a procedure and should address
- employee policies (e.g., acceptable use policies [AUPs])
- incident (e.g., breach) response
- legal/oversight requirements.
Process/Skill Questions:
- When a school AUP has a guideline not included in state or federal statutes, do you have to comply with the school policy?
- How should an employer go about informing workers of changes to the AUP?
- What are industrial control systems (ICS), and why is it important to secure them?
- How are ICS and IT systems’ security different?