Problem: There are three popular, established cyber security defense models offered to identify and mitigate gaps and vulnerabilities existing in information security programs. These three models are Three Lines of Defense Model from The Institute of Internal Auditors (IIA), NIST Cybersecurity Framework from the National Institute of Standards and Technology, and Plan, Do, Check, Act from ISO/IEC. How do these three defense models support Ms. Walden's information assurance concept of working security architecture? Which of these models do you recommend that AFF adopt and briefly justify your recommendation?