# Security Program Management (PDCA)

Backlink: [[Domain 1 - Index]]

**Definition:** Managing the security program through Plan–Do–Check–Act cycles for continuous improvement.

## Key Facts

- Plan: risk assessment, policies, strategy, budget.
- Do: implement controls, awareness, processes.
- Check: monitor metrics, audits, management review.
- Act: corrective actions, updates, roadmap.
- Align with ISO 27001 ISMS and governance structures.
- **Verify:** check official (ISC)² CBK and current exam outline.

> [!tip] **Exam Relevance**
> - Pick the next PDCA step after an audit finding
> - Link PDCA to ISMS and metrics

> [!note] **Mnemonic**
> - “Plan, Do, Check, Act.”

### Example

Q: Audit shows policy gaps; PDCA step?

A: Act—remediate and update plan.

## Revision Checklist

- [ ] Name PDCA phases
- [ ] Map activities to phases
- [ ] Tie PDCA to governance/ISMS
- [ ] Include management review

## Related

[[Control Frameworks (ISO/IEC 27001, NIST, COBIT)]] · [[Security Metrics, KPIs, and KRIs]] · [[Security Policy Types]] · [[Risk Management Process]] · [[Compliance Frameworks and Audits (SOX, PCI DSS, SOC Reports)]]

#cisSP #domain-1 #concept