nerdexam
(ISC)2

CAP · Question #61

Which of the following approaches can be used to build a security program? Each correct answer represents a complete solution. Choose all that apply.

The correct answer is A. Bottom-Up Approach C. Top-Down Approach. There are two recognized approaches to building a security program. The Top-Down Approach (C) is initiated by senior management, who define the security policy, assign resources, and mandate compliance throughout the organization - making it the most effective approach because it

Security and Privacy Governance, Risk Management, and Compliance Program

Question

Which of the following approaches can be used to build a security program? Each correct answer represents a complete solution. Choose all that apply.

Options

  • ABottom-Up Approach
  • BRight-Up Approach
  • CTop-Down Approach
  • DLeft-Up Approach

How the community answered

(21 responses)
  • A
    90% (19)
  • B
    5% (1)
  • D
    5% (1)

Explanation

There are two recognized approaches to building a security program. The Top-Down Approach (C) is initiated by senior management, who define the security policy, assign resources, and mandate compliance throughout the organization - making it the most effective approach because it carries executive authority. The Bottom-Up Approach (A) is initiated by IT staff or technical teams who identify risks and build security controls, then try to gain management support - it is less effective but still a valid recognized method. 'Right-Up' and 'Left-Up' are not recognized security program development methodologies and serve as distractors.

Topics

#Security program development#Program building approaches#Top-down approach#Bottom-up approach

Community Discussion

No community discussion yet for this question.

Full CAP Practice