Failure to practice need-to-know is an example of which type of vulnerability?

Strengthen your skills for the Risk Management for DoD Security Programs Test. Engage with flashcards and multiple choice questions, each with hints and explanations. Excel in your exam with confidence!

The correct answer follows from how vulnerabilities are classified in information security. "Need-to-know" is a fundamental principle in information security that restricts access to sensitive information to individuals who require that information to perform their job duties.

When there is a failure to enforce the need-to-know principle, it represents a potential weakness in handling and protecting sensitive data. This type of vulnerability is categorized as an information vulnerability because it directly relates to how information is managed and safeguarded. Such lapses can lead to unauthorized access, resulting in the potential compromise of sensitive data, which can have significant implications for security and operational integrity.

In summary, the failure to practice need-to-know aligns with vulnerabilities concerning the management and protection of information, making it an example of an information vulnerability.
