nerdexam
EC-Council

312-50V10 · Question #262

When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy?

The correct answer is B. A top-down approach. A top-down security approach is one where senior management initiates, sponsors, and enforces the security policy, giving it organizational authority and resources.

Information Security and Ethical Hacking Fundamentals

Question

When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy?

Options

  • AA bottom-up approach
  • BA top-down approach
  • CA senior creation approach
  • DAn IT assurance approach

How the community answered

(14 responses)
  • B
    93% (13)
  • C
    7% (1)

Why each option

A top-down security approach is one where senior management initiates, sponsors, and enforces the security policy, giving it organizational authority and resources.

AA bottom-up approach

A bottom-up approach is the opposite model, where IT or technical staff try to establish security practices without formal senior management mandate or organizational authority.

BA top-down approachCorrect

In a top-down security approach, executive or senior management drives the creation and formal enforcement of security policies, supplying the budget, authority, and consequences necessary for organization-wide compliance. This is the preferred model because management commitment ensures policies carry weight across all departments, not just IT. It stands in direct contrast to a bottom-up approach, where technical staff attempt to enforce security without formal executive backing.

CA senior creation approach

'Senior creation approach' is not a recognized term in any security program management framework or certification domain.

DAn IT assurance approach

'IT assurance approach' is not a standard security governance term and does not describe a management-driven enforcement model.

Concept tested: Top-down security program management and policy enforcement

Source: https://csrc.nist.gov/publications/detail/sp/800-100/final

Topics

#security policy#top-down approach#management support#security program

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice