nerdexam
EC-Council

312-50V11 · Question #262

When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy?

The correct answer is B. A top-down approach. A top-down security approach is defined by senior management initiating, supporting, and enforcing the organization's security policy from the highest level of authority.

Information Security and Ethical Hacking Fundamentals

Question

When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy?

Options

  • AA bottom-up approach
  • BA top-down approach
  • CA senior creation approach
  • DAn IT assurance approach

How the community answered

(42 responses)
  • A
    5% (2)
  • B
    86% (36)
  • C
    7% (3)
  • D
    2% (1)

Why each option

A top-down security approach is defined by senior management initiating, supporting, and enforcing the organization's security policy from the highest level of authority.

AA bottom-up approach

A bottom-up approach originates from IT or technical staff who identify security needs without formal senior management direction or mandate.

BA top-down approachCorrect

In a top-down approach, executive or senior management drives the security program by mandating policies and committing organizational resources, which gives security initiatives the authority needed for enforcement across all departments. This model contrasts with a bottom-up approach, where security originates from technical staff without formal executive sponsorship. Senior involvement is the defining characteristic that distinguishes a top-down governance model.

CA senior creation approach

Senior creation approach is not a recognized or standardized term in security program governance frameworks.

DAn IT assurance approach

IT assurance approach is not a standard methodology for describing how a security program is initiated or governed within an organization.

Concept tested: Top-down vs bottom-up security program governance

Source: https://csrc.nist.gov/publications/detail/sp/800-100/final

Topics

#security policy#top-down approach#management support#security program

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice