Read the Closing Case at the end of Chapter 4 just before the End Notes in the Management of Information Security Book. Answer the two initial Discussion Questions. 

 Discussion Questions 

 1. If the Enterprise Policy Review Committee is not open to the approach that Mike and  Iris want to use for structuring lnfoSec policies into three tiers, how should Mike and  Iris proceed?  

2. Should the CISO (Iris) be assessing HR policies? Why or why not? 

Second under Ethical Decision Making, answer the following:

• Has Mike broken any laws in representing Iris’ policy work as his own?
• Has Mike committed an ethical lapse in doing so, or is he just being inconsiderate