1) How wide, deep and broad should definitions of security go? What would you include and what would you exclude? Is there ever a benefit to keeping definitions of security more narrowly defined? If it is too broad, how do you prioritize correctly, given resource limitations?
Part 2) Compare and contrast the e-commerce and the industrial control systems (ICSs) security frameworks.