What determines if an organization is going to operate under a discretionary, mandatory, or nondiscretionary access control model?
A.
Administrator
B.
Security policy
C.
Culture
D.
Security levels
Explanation:
B: The security policy sets the tone for the whole security program. It dictates the level of risk that management and the company are willing to accept. This in turn dictates the type of controls and mechanisms to put in place to ensure this level of risk is not exceeded.