Which of the following is NOT an objective of the security program?

D.

The objective of a security program is to protect the organization's assets by implementing appropriate security controls, policies, and procedures. The security program can have several objectives that work together to ensure the overall security of the organization.

A. Security education is an essential objective of the security program. It aims to increase awareness among employees about security threats, best practices, and organizational security policies and procedures. Security education helps in reducing security incidents caused by employee errors and promotes a security culture within the organization.

B. Information classification is another critical objective of the security program. It involves categorizing information based on its sensitivity level and implementing appropriate security controls to protect it from unauthorized access, use, disclosure, or modification. Information classification helps in identifying the information that requires more stringent security controls and streamlines security management.

C. Security organization is also an objective of the security program. It involves defining the roles and responsibilities of security personnel, establishing reporting structures, and creating a security management framework to ensure effective security management within the organization.

D. Security plan is an important objective of the security program as well. It involves developing a comprehensive security plan that outlines the organization's security goals, strategies, and actions to achieve them. The security plan provides a roadmap for the security program and helps in aligning security objectives with the organization's overall objectives.

Therefore, out of the given options, none of them can be excluded as an objective of the security program. All of them are equally important and work together to ensure the security of the organization's assets.