Refer to the information below to answer the question.
A large organization uses unique identifiers and requires them at the start of every system session.
Application access is based on job classification. The organization is subject to periodic independent
reviews of access controls and violations. The organization uses wired and wireless networks and
remote access. The organization also uses secure connections to branch offices and secure backup
and recovery strategies for selected information and processes.
Following best practice, where should the permitted access for each department and job
classification combination be specified?

A.
Security procedures

B.
Security standards

C.
Human resource policy

D.
Human resource standards