Secure Software Lifecycle Professional – CSSLP – Question202 - Secure Software Lifecycle Professional

Information Security management is a process of defining the security controls in order to protect information assets. The first action of a management program to implement information security is to have a security program in place. What are the objectives of a security program? Each correct answer represents a complete solution. Choose all that apply.

A. Security education
B. Security organization
C. System classification
D. Information classification

Correct Answer: ABD

Explanation:

Explanation: The first action of a management program to implement information security is to have a security program in place. The objectives of a security program are as follows: Protect the company and its assets Manage risks by identifying assets, discovering threats, and estimating the risk Provide direction for security activities by framing of information security policies, procedures, standards, guidelines and baselines Information classification Security organization Security education Answer: C is incorrect. System classification is not one of the objectives of a security program.