CISSP-ISSEP · Question #94
Which of the following is NOT an objective of the security program?
The correct answer is D. Security plan. Option D is correct because a security plan is an output or tool of a security program, not an objective of it - it's what you create to achieve objectives, not a goal in itself. A (Security education) is a recognized objective: training users and staff to understand and follow s
Question
Which of the following is NOT an objective of the security program?
Options
- ASecurity education
- BInformation classification
- CSecurity organization
- DSecurity plan
How the community answered
(22 responses)- B5% (1)
- C9% (2)
- D86% (19)
Explanation
Option D is correct because a security plan is an output or tool of a security program, not an objective of it - it's what you create to achieve objectives, not a goal in itself.
- A (Security education) is a recognized objective: training users and staff to understand and follow security practices.
- B (Information classification) is a recognized objective: categorizing data by sensitivity to ensure appropriate protection levels.
- C (Security organization) is a recognized objective: establishing roles, responsibilities, and governance structures for managing security.
Memory tip: Think of the three valid options as the pillars that hold up a security program - people (education), data (classification), and structure (organization). A security plan is the blueprint, not a pillar - it documents how you'll achieve those objectives.
Topics
Community Discussion
No community discussion yet for this question.