CISA Certified Information Systems Auditor – Question2664

Which of the following would help determine the maturity of an information security awareness program?

A.
A review of the annual penetration test results
B. A network vulnerability assessment
C. A simulated social engineering test
D. A gap assessment against an established model

Correct Answer: D