... problems
the different requirements of different users and business units (R&D
requires more flexibility, but also more security, production may not
need only standard solution etc.)
People and their attitudes towards security, company policies and
standards. These must not feel like paper pushing because of the paper
pushing.
Questions like:
can the service provider be trusted to terminate company user’s
IPSEC tunnel and then create another one?
how can the user terminal be protected outside company network
so that it won’t serve as a host for trojan horses or reveal sensitive
data to non-employes about the network?
Creating the security policy and rules.