Secure Software Lifecycle Professional – CSSLP – Question 323

Which of the following approaches can be used to build a security program? Each correct answer represents a complete solution. Choose all that apply.

A. Right-Up Approach
B. Left-Up Approach
C. Top-Down Approach
D. Bottom-Up Approach

Correct Answer: CD

Explanation:

The Top-Down Approach is an approach to building a security program. The initiation, support, and direction come from top management and work their way through middle management and then to staff members. It is treated as the best approach. This approach ensures that senior management, which is ultimately responsible for protecting the company assets, is driving the program.

The Bottom-Up Approach is an approach to building a security program in which the lower-end team comes up with a security control or a program without proper management support and direction. It is less effective and doomed to fail.

Answers A and B are incorrect. No such types of approaches exist.