Which of the following items is NOT used to determine the types of access controls to be applied in
an organization?
A.
Separation of duties
B.
Organizational policies
C.
Least privilege
D.
Relational categories
Explanation:
The item, relational categories, is a distracter. The other options are important determinants of
access control implementations in an organization.