CompTIA CySA+ (CS0-001) — Question 244

The Chief Information Security Officer (CISO) has asked the security staff to identify a framework on which to base the security program. The CISO would like to achieve a certification showing the security program meets all required best practices. Which of the following would be the BEST choice?

Answer options

Correct answer: D

Explanation

The correct answer is ISO: it provides a recognized framework for establishing, implementing, and maintaining an effective security program, and following it can lead to certification. OSSIM, SDLC, and SANS, while valuable in their own contexts, do not directly provide a comprehensive certification framework that meets all the best practices the CISO requires.