nerdexam
(ISC)2

CAP · Question #98

Which of the following is NOT an objective of the security program?

The correct answer is A. Security plan. A security plan is a document - an artifact or output produced by a security program - not an objective of the program itself. Security program objectives define what the program aims to achieve or establish, such as security education/awareness (training personnel), security org

Security and Privacy Governance, Risk Management, and Compliance Program

Question

Which of the following is NOT an objective of the security program?

Options

  • ASecurity plan
  • BSecurity education
  • CSecurity organization
  • DInformation classification

How the community answered

(48 responses)
  • A
    90% (43)
  • B
    6% (3)
  • C
    2% (1)
  • D
    2% (1)

Explanation

A security plan is a document - an artifact or output produced by a security program - not an objective of the program itself. Security program objectives define what the program aims to achieve or establish, such as security education/awareness (training personnel), security organization (defining roles and responsibilities), and information classification (categorizing data by sensitivity). These are goals the program pursues. A security plan is the written record of how those objectives will be met, making it a means to an end rather than an end in itself. This distinction between a program's objectives (what it aims to do) and its outputs/artifacts (what it produces) is key to this question.

Topics

#Security program objectives#Security program management#Information security governance#Security planning

Community Discussion

No community discussion yet for this question.

Full CAP Practice