Enumeration is the most aggressive of the information-gathering processes in any attack. During enumeration, an attacker determines which systems are worth attacking by determining the value a system possesses. Enumeration takes the information that an attacker has already carefully gathered and attempts to extract information about the exact nature of the system itself.
Answer the following question(s):
1. If you were an IT security manager, what would you include in your security policy regarding enumeration?
2. If you worked as an attorney in the Legal department, would you want different language in the security policy? Why or why not?
Fully address the question(s) in this task in one page; provide valid rationale for your choices.