PrepAway - Latest Free Exam Questions & Answers


Which approach to a security program ensures people responsible for protecting the company’s assets are
driving the program?


A. The Delphi approach.

B. The top-down approach.

C. The bottom-up approach.

D. The technology approach.

Explanation:
A security program should use a top-down approach, meaning that the initiation, support, and direction come
from top management; work their way through middle management; and then reach staff members. In contrast,
a bottom-up approach refers to a situation in which staff members (usually IT) try to develop a security program
without getting proper management support and direction. A bottom-up approach is commonly less effective,
not broad enough to address all security risks, and doomed to fail. A top-down approach makes sure the
people actually responsible for protecting the company’s assets (senior management) are driving the program.
Senior management are not only ultimately responsible for the protection of the organization, but also hold the
purse strings for the necessary funding, have the authority to assign needed resources, and are the only ones who can ensure true enforcement of the stated security rules and policies.
Incorrect Answers:
A: Delphi is a group decision method used to ensure that each member of a group gives an honest and
anonymous opinion pertaining to the company’s risks.
C: The bottom-up approach is the opposite of the top-down approach. The bottom-up approach refers to a
situation in which staff members (usually IT) try to develop a security program without getting proper
management support and direction.
D: The technology approach is not a defined security program approach.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 63
