CISA Certified Information Systems Auditor – Question2740

The management of an organization has decided to establish a security awareness program. Which of the following would MOST likely be a part of the program?

A.
Utilization of an intrusion detection system to report incidents
B. Mandating the use of passwords to access all software
C. Installing an efficient user log system to track the actions of each user
D. Training provided on a regular basis to all current and new employees

Correct Answer: D

Explanation:

Explanation:
Utilizing an intrusion detection system to report on incidents that occur is an implementation of a security program and is not effective in establishing a security awareness program. Choices B and C do not address awareness. Training is the only choice that is directed at security awareness.