Activity 3.5 case study | Information Systems homework help

Read the case study on page 161 and answer the following questions:

  1. If the enterprise policy committee is not open to the approach that Mike and Iris want to use for structuring information security policies into three tiers, how should they proceed?
  2. Should the CISO (Iris) be assessing HR policies? Why or why not?