CISM Certified Information Security Manager – Question1158 - CISM Certified Information Security Manager

Which of the following would raise security awareness among an organization's employees?

A. Distributing industry statistics about security incidents
B. Monitoring the magnitude of incidents
C. Encouraging employees to behave in a more conscious manner
D. Continually reinforcing the security policy

Correct Answer: D

Explanation:

Explanation: Employees must be continually made aware of the policy and expectations of their behavior. Choice A would have little relevant bearing on the employee’s behavior. Choice B does not involve the employees. Choice C could be an aspect of continual reinforcement of the security policy.