312-50V9 · Question #35
When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy?
The correct answer is B. A top-down approach. A top-down approach means senior management initiates, funds, and enforces the security program, giving it organizational authority.
Question
When creating a security program, which approach would be used if senior management is supporting and enforcing the security policy?
Options
- AA bottom-up approach
- BA top-down approach
- CA senior creation approach
- DAn IT assurance approach
How the community answered
(26 responses)- A8% (2)
- B88% (23)
- C4% (1)
Why each option
A top-down approach means senior management initiates, funds, and enforces the security program, giving it organizational authority.
A bottom-up approach is initiated by IT staff or lower-level employees, not senior management, and typically lacks the authority to enforce policy organization-wide.
In a top-down approach, senior management is the driving force behind creating and enforcing the security policy - they mandate compliance throughout the organization and allocate the necessary resources. This contrasts with a bottom-up approach where IT staff attempt to implement security without executive backing. Senior management involvement is essential for a program to carry organizational authority and long-term effectiveness.
'Senior creation approach' is not a recognized or standardized security program methodology.
'IT assurance approach' is not a standard term used to describe a security program creation strategy.
Concept tested: Top-down vs bottom-up security program approach
Source: https://csrc.nist.gov/publications/detail/sp/800-100/final
Topics
Community Discussion
No community discussion yet for this question.