CompTIA CySA+ (CS0-001) — Question 143

A new security manager was hired to establish a vulnerability management program. The manager asked for a corporate strategic plan and risk register that the project management office developed. The manager conducted a tools and skill sets inventory to document the plan. Which of the following is a critical task for the establishment of a successful program?

Answer options

• A. Establish continuous monitoring
• B. Update vulnerability feed
• C. Perform information classification
• D. Establish corporate policy

Correct answer: D

Explanation

Establishing a corporate policy is crucial as it provides the framework and guidelines for the vulnerability management program, ensuring alignment with organizational goals. The other options, while important, are more operational in nature and depend on having a policy in place to guide their execution.