[Trae Johnson]

This response clearly and in great detail explains why access controls are essential to the security stance of a business. I like how you broke down the concept into everyday language and explained how such policies control who has access to view or modify specific information. Your examples, such as demanding strong passwords, locking up computers, and using two-step verification, show effective ways businesses can apply these principles in everyday life. I also appreciate your mention of personal responsibility because the success or failure of a security policy is most often the result of human action. Referring both to hackers and system error, you showed respect for the entire spectrum of why access controls are necessary. Your response demonstrates how carefully crafted policies and constant user education work together to secure data and maintain trust in an organization.