PrepAway - Latest Free Exam Questions & Answers

IT security measures should:

A. be complex.

B. be tailored to meet organizational security goals.

C. make sure that every asset of the organization is well protected.

D. not be developed in a layered fashion.

Explanation:
The National Institute of Standards and Technology (NIST) defines 33 IT Security principles.
Principle 8 states:
“Implement tailored system security measures to meet organizational security goals.”
In general, IT security measures are tailored according to an organization’s unique needs. While numerous
factors, such as the overriding mission requirements, and guidance, are to be considered, the fundamental
issue is the protection of the mission or business from IT security-related, negative impacts. Because IT
security needs are not uniform, system designers and security practitioners should consider the level of trust
when connecting to other external networks and internal sub-domains. Recognizing the uniqueness of each
system allows a layered security strategy to be used – implementing lower assurance solutions with lower costs
to protect less critical systems and higher assurance solutions only at the most critical areas.
Incorrect Answers:
A: According to the NIST IT security principles, IT security measures should strive for simplicity, not complexity.
C: According to the NIST IT security principles, you should not implement unnecessary security mechanisms.
Protecting ‘every’ asset may be unnecessary.
D: According to the NIST IT security principles, IT security measures should be developed in a layered fashion.
References:
http://csrc.nist.gov/publications/nistpubs/800-27A/SP800-27-RevA.pdf, p.10

