1. When an organization undertakes an InfoSec-driven review of job descriptions, which job descriptions must be reviewed? Which IT jobs not directly associated with information security should be reviewed?
2. List and describe the criteria for selecting InfoSec personnel.
3. What are some of the factors that influence an organization's hiring decisions?