1. How do we know at what point we can consider our environment to be secure?

2. If the Web servers in our environment are based on Microsofts Internet Information Server (IIS) and a new worm is discovered that attacks Apache Web servers, what do we not have?

3.If we develop a new policy for our environment that requires us to use complex and automatically generated passwords that are unique to each system and are a minimum of 30 characters in length, such as!Hs4(j0qO$&zn1%2SK38cn^!Ks620!, what will be adversely impacted?

4.Considering the CIA triad and the Parkerian hexad, what are the advantages and disadvantages of each model?