CAP · Question #352
Information Security management is a process of defining the security controls in order to protect information assets. The first action of a management program to implement information security is to
The correct answer is A. Security organization C. Information classification D. Security education. A security program's core objectives are: (A) Security organization - establishing roles, responsibilities, and governance structures for managing security; (C) Information classification - categorizing data by sensitivity so appropriate controls can be applied; and (D) Security
Question
Information Security management is a process of defining the security controls in order to protect information assets. The first action of a management program to implement information security is to have a security program in place. What are the objectives of a security program? Each correct answer represents a complete solution. Choose all that apply.
Options
- ASecurity organization
- BSystem classification
- CInformation classification
- DSecurity education
How the community answered
(26 responses)- A88% (23)
- B12% (3)
Explanation
A security program's core objectives are: (A) Security organization - establishing roles, responsibilities, and governance structures for managing security; (C) Information classification - categorizing data by sensitivity so appropriate controls can be applied; and (D) Security education - ensuring personnel understand policies and threats through training and awareness programs. 'System classification' (B) is not a standard objective of a security program itself; classifying systems is a separate IT asset management activity, while information classification is the recognized security program objective.
Topics
Community Discussion
No community discussion yet for this question.