1. What are the basic things that need to be explained to every employee about a security policy? At what point in their employment? Why? (List at least 4 things). (For example, how to handle delicate information)

2.Come up with an example of your own, which would be caused by missing security policies?

3. Say you have an e-mail server that processes sensitive emails from important people. What kind of things should be put into the security policy for the email server?

4. Read the NCA&T university security plan in [1] and critique the plan.

5. Read the Griffith university plan in [2] and critique the plan.
6. Update the NCA&T State University plan.

[1] North Carolina Agricultural and Technical (NCA&T) State University Security Policy, available at: https://hub.ncat.edu/administration/legal/policies/sec7-info- tech/information-security-policy.pdf

[2] Griffith University Security Policy, available at:
https://www.griffith.edu.au/__data/assets/pdf_file/0028/276706/Informati on-Security-Policy.pdf