Consider your organization. (If you are not currently employed, choose an organization with which you are familiar or that you can explore on the web.) Where is the Chief Information Security Officer (CISO)? To whom does he/she report? What is the CISO’s title? How does this position relate to risk management? information system management? to privacy? to physical security? How is policy issued (that is – who signs it)? Who handles breaches: reporting about them to right authorities, communicating about them and recovering from them? Basically, discuss the organizational placement of the CISO and what this indicates about organization culture and focus on security.