CISA Certified Information Systems Auditor – Question2752

Which of the following provides the best evidence of the adequacy of a security awareness program?

A.
The number of stakeholders including employees trained at various levels
B. Coverage of training at all locations across the enterprise
C. The implementation of security devices from different vendors
D. Periodic reviews and comparison with best practices

Correct Answer: D

Explanation:

Explanation:
The adequacy of security awareness content can best be assessed by determining whether it is periodically reviewed and compared to industry best practices. Choices A, B and C provide metrics for measuring various aspects of a security awareness program, but do not help assess the content.