CISA Certified Information Systems Auditor – Question1024

Which of the following is the BEST indication that an information security program is effective?

A.
The number of reported and confirmed security incidents has increased after awareness training.
B. The security awareness program was developed following industry best practices.
C. The security team has performed a risk assessment to understand the organization’s risk appetite.
D. The security team is knowledgeable and uses the best available tools.

Correct Answer: A