CAP · Question #61
Which of the following approaches can be used to build a security program? Each correct answer represents a complete solution. Choose all that apply.
The correct answer is A. Bottom-Up Approach C. Top-Down Approach. There are two recognized approaches to building a security program. The Top-Down Approach (C) is initiated by senior management, who define the security policy, assign resources, and mandate compliance throughout the organization - making it the most effective approach because it
Question
Which of the following approaches can be used to build a security program? Each correct answer represents a complete solution. Choose all that apply.
Options
- ABottom-Up Approach
- BRight-Up Approach
- CTop-Down Approach
- DLeft-Up Approach
How the community answered
(21 responses)- A90% (19)
- B5% (1)
- D5% (1)
Explanation
There are two recognized approaches to building a security program. The Top-Down Approach (C) is initiated by senior management, who define the security policy, assign resources, and mandate compliance throughout the organization - making it the most effective approach because it carries executive authority. The Bottom-Up Approach (A) is initiated by IT staff or technical teams who identify risks and build security controls, then try to gain management support - it is less effective but still a valid recognized method. 'Right-Up' and 'Left-Up' are not recognized security program development methodologies and serve as distractors.
Topics
Community Discussion
No community discussion yet for this question.