Does your company (or school) have a current disaster recovery plan? What are some of the activities involved in it? Do you feel confident that your company (or school) is prepared to survive a major disaster? Why or why not?
Has your company (or school) been the target of a network or system intrusion? What information was targeted? Was the attack successful? If so, what changes has your company (or school) made to ensure that this vulnerability has been controlled?
If you can’t think of an incident search the web for one. When Target was hit a few years back it was evident they did not protect the “back doors”.