Lynne is processing access control requests for her organisation. She comes across a request where the user does have the required security clearance, but there is no business justification for the access. Lynne denies this request. What security principle is she following?

As Graham decides what access permissions he should grant to each user, what principle should guide his decisions about default permissions?

What type of access control is composed of policies and procedures that support regula tions, requirements, and the organisation’s own policies?

Graham is investigating a potential privacy violation within her organisation. The organisation notified users that it was collecting data for product research that would last for six months and then disposed of the data at the end of that period. During the time that they had the data, they also used it to target a marketing campaign.

Which principle of data privacy was most directly violated?

Which one of the following facilities would have the highest level of physical security requirements?