CISA Certified Information Systems Auditor – Question 1618

The MOST effective control for reducing the risk related to phishing is:

A. centralized monitoring of systems.
B. including signatures for phishing in antivirus software.
C. publishing the policy on antiphishing on the intranet.
D. security training for all users.

Correct Answer: D

Explanation:

Phishing is a type of e-mail attack that attempts to convince a user that the originator is genuine, with the intention of obtaining information. Phishing is an example of a social engineering attack. Any social engineering type of attack can best be controlled through security and awareness training.