Certified Information Systems Security Professional (CISSP) — Question 177

An organization is establishing a privacy program to ensure that personally identifiable information (PII) is properly protected. What is the FIRST action the organization should take to establish the program?

Answer options

• A. Appoint a senior official to oversee the privacy program.
• B. Allocate sufficient resources to implement the privacy program.
• C. Develop a strategic organizational privacy plan.
• D. Monitor privacy laws and policy changes.

Correct answer: A

Explanation

The correct answer is A because appointing a senior official is crucial for establishing leadership and accountability in the privacy program. Without a designated leader, other efforts such as resource allocation, strategic planning, and monitoring laws may lack direction and effectiveness.