CISM Certified Information Security Manager – Question0958

Security awareness training should be provided to new employees:

A.
on an as-needed basis.
B. during system user training.
C. before they have access to data.
D. along with department staff.

Correct Answer: C

Explanation:

Explanation:
Security awareness training should occur before access is granted to ensure the new employee understands that security is part of the system and business process. All other choices imply that security awareness training is delivered subsequent to the granting of system access, which may place security as a secondary step.