nerdexam
(ISC)2

CISSP-ISSEP · Question #94

Which of the following is NOT an objective of the security program?

The correct answer is D. Security plan. Option D is correct because a security plan is an output or tool of a security program, not an objective of it - it's what you create to achieve objectives, not a goal in itself. A (Security education) is a recognized objective: training users and staff to understand and follow s

Governance and Training

Question

Which of the following is NOT an objective of the security program?

Options

  • ASecurity education
  • BInformation classification
  • CSecurity organization
  • DSecurity plan

How the community answered

(22 responses)
  • B
    5% (1)
  • C
    9% (2)
  • D
    86% (19)

Explanation

Option D is correct because a security plan is an output or tool of a security program, not an objective of it - it's what you create to achieve objectives, not a goal in itself.

  • A (Security education) is a recognized objective: training users and staff to understand and follow security practices.
  • B (Information classification) is a recognized objective: categorizing data by sensitivity to ensure appropriate protection levels.
  • C (Security organization) is a recognized objective: establishing roles, responsibilities, and governance structures for managing security.

Memory tip: Think of the three valid options as the pillars that hold up a security program - people (education), data (classification), and structure (organization). A security plan is the blueprint, not a pillar - it documents how you'll achieve those objectives.

Topics

#Security program#Governance#Security organization#Security education

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice