1. Can you harden your critical legacy applications to operate across hostile open networks?
2. Should you aim to secure your wireless networks?
3. What is the most appropriate strategy for encrypting enterprise and third-party communications?
4. Does your use of encryption present a potential entry point for malware or inappropriate content?
5. How can you best enforce the "acceptable-use" policy?
6. What is the best strategy for enterprise identity management?
7. How do you plan to control third-party users?
8. Should you block or simply alert on suspected intrusions?
9. Should intrusion-prevention systems be sited on hosts or in networks?
10. Should antimalware defenses be incorporated into clients or networks?