Certified Chief Information Security Officer (CCISO) — Question 143

What is the FIRST step in developing the vulnerability management program?

Answer options

• A. Baseline the Environment
• B. Define policy
• C. Maintain and Monitor
• D. Organization Vulnerability

Correct answer: B

Explanation

The initial step in establishing a vulnerability management program is to define the policy, as this sets the foundation for the entire program. Without a clear policy, the subsequent steps like baselining, maintaining, and monitoring may lack direction. Options A, C, and D involve actions that come after the policy is established.