Explain the importance of creating and enforcing plans, policies, and procedures to manage risk.

Explanation should include the difference between a plan, a policy, and a procedure and should address

• employee policies (e.g., acceptable use policies [AUPs])
• incident (i.e., breach) response
• legal/oversight requirements.

Process/Skill Questions:

• When a school AUP has a guideline not included in state or federal statutes, do you have to comply with the school policy?
• Does it matter whether you have signed the school AUP in terms of your accountability for violating the policy?
• How should an employer go about informing workers of changes to the AUP?
• What are ICS and why is important to secure them?
• How are ICS and IT Systems Security different?