( 22) In Kotter’ s change model, in which step does the ISO work with line management to collect metrics for assessing the policies’ effectiveness and ensure metrics are meaningful?( 23) Which personality type tends to be associated with good leaders?( 24) The basic elements of motivation include pride, success, and __________.( 25) Disaster recovery and tape backups are examples of which type of security control?( 26) What is the primary role of a security policy evangelist?( 27) Before you begin security policy awareness training, what is the first step you should take to help ensure success?( 28) Which of the following is not a security awareness training best practice?( 29) When publishing an internal security policy or standard, which role or department usually gives final approval?( 30) One of the key factors of a successful implementation of an organization-wide security policy is _______________.( 31) A business _______ emerges when an organization cannot meet its obligation or duty.( 32) Which of the following is a physical control?( 33) What does“ tone at the top” refer to?( 34) Which of the following is not a typical method of protecting intellectual property( IP)?( 35) A procedure for cleaning a virus from a system is an example of which type of security control?( 36) An organization’ s security awareness program is an example of which type of security control?( 37) Which of the following is a key measurement of an organization’ s risk appetite?( 38) The core requirement of an automated IT security control library is that the information is ________.( 39) Who is responsible for executing policies and procedures, such as backup and versioning?( 40) Which IT framework extends the COBIT framework and is a comprehensive risk management approach?