Q1) As the security manager at XYZ Corporation, you're responsible for managing the intrusion detection environment. If you were given the ability to build the environment from scratch, would you use network based IDS, host based IDS, or a combination? Why? How would you structure your staff and organization to get the most out of your investment? Are there any strengths of one over the other that you may take into consideration? Which one is more expensive?