Which of the following statements are true?
A. A prominent variable involved in structuring an InfoSec program is the size of the organization.
B. Small organizations spend disproportionately more on security, in comparison to larger organizations.
C. System security administration and centralized authentication are among the functions performed within the InfoSec department as compliance.
D. Security education seeks to train members of the organization how they should react and respond when threats are encountered in specified situations.
E. Computer-based training (CBT) is usually the least expensive security training delivery method.