What needs to be considered to determine the security category of an information system? Which one is correct? 1. The security categories of all information types resident on the information system 2. The security categories of systems on adjacent networks 3. Any known vulnerability on the system.