Sara, a company’s security officer, often receives reports of unauthorized personnel having access codes to the
cipher locks of secure areas in the building.
Which of the following should Sara immediately implement?

A.
Acceptable Use Policy

B.
Physical security controls

C.
Technical controls

D.
Security awareness training

Explanation:
Security awareness and training include explaining policies, procedures, and current threats to both users and
management. A security awareness and training program can do much to assist in your efforts to improve and
maintain security. A good security awareness training program for the entire organization should cover the
following areas: Importance of security; Responsibilities of people in the organization; Policies and procedures;
Usage policies; Account and password-selection criteria as well as Social engineering prevention.