1.The set of laws, rules, directives, and practices that regulate how an organization manages, protects, and distributes controlled information is called _______.
2.The security concept that states every user should be responsible for his or her own actions is called_______.
3.The individual who is responsible for deciding on the access rights to the information for various personnel is called an _______.
4.Physical, technical, and administrative controls used to protect information systems are called_______.
5.The probability that a particular threat will exploit a particular vulnerability of an information system is called _______.
6.An event, process, activity, or substance that has an adverse effect on organizational assets is called a _______.