Which of the following is NOT part of the design of an organizational security architecture?

a. security education

b. defense in depth

c. levels of controls

d. spheres of security

Over time, policies and procedures may become inadequate because of _____.

a. changes in the agency's mission and operational requirements, threats, or the environment

b. deterioration in the degree of compliance

c. changes in technology, infrastructure, or business processes

d. all of the above.

The principle of limiting users access privileges to the specific information required to perform their assigned tasks is known as _____.

a. task rotation

b. least privilege

c. need to know

d. minimal access

Security industry certifications are often used to help filter applicants for jobs, but suffer from which of the following challenges?

a. Most certifications are very easy to get, so they have limited value.

b. The certifying organizations are not well-respected in the industry.

c. Many existing certifications are relatively new and not fully understood by hiring organizations.

d. None of the above.

Which of these is NOT a part of the organizational change model used to support change management for Information security requirements.

a. freezing

b. unfreezing

c. security training

d. moving