( 15) Incident reporting, incident management, and user ID addition / removal are examples of which of the following?
( 16) Which of the following are written instructions on how to comply with standards?
( 17) What is something you can measure against to demonstrate value, such as gauging if you’ ve reasonably covered risks in your organization?
( 18) Which personality type tends to be best suited for delivering security awareness training?
( 19) In Kotter’ s change model, which step is generally part of informal discussions rather than part of the formal implementation process?
( 20) A primary reason why security policies often fail is ___________.
( 21) Which of the following is not true of security policy enforcement?