CompTIA CySA+ (CS0-003) — Question 153

Which of the following best describes the key elements of a successful information security program?

Answer options

• A. Business impact analysis, asset and change management, and security communication plan
• B. Security policy implementation, assignment of roles and responsibilities, and information asset classification
• C. Disaster recovery and business continuity planning, and the definition of access control requirements and human resource policies
• D. Senior management organizational structure, message distribution standards, and procedures for the operation of security management systems

Correct answer: B

Explanation

The correct answer, B, emphasizes the importance of establishing security policies, defining roles, and classifying information assets, which are crucial for managing security effectively. Options A, C, and D, while important, do not encompass the foundational aspects of a security program as thoroughly as option B does.