#EQ-1: Take a position either in support of or in opposition to the following statement: An organization with a solid business plan and risk management plan does not need an information security strategy, as long as it has sufficient information security policies and procedures in place. Explain your position (for or against) and justify your answer. #EQ-2: In your own words, explain why a business plan and strategy would be created using a top-down methodology, while InfoSec procedures and guidelines would normally be created using a bottom-up methodology.