Question 1:

The field of IT security coexists with many other IT operations. How do you envision being able to justify your sometimes expensive costs to the rest of the IT department and upper management, especially if IT is not currently having security or compliance problems?


Question 2:
Why do people resist or resent audits? What can be done to remedy these attitudes and to change perceptions about these activities?