Question 0958 - CISM Certified Information Security Manager

Security awareness training should be provided to new employees:

A. on an as-needed basis.
B. during system user training.
C. before they have access to data.
D. along with department staff.

Correct Answer: C

Explanation:

Explanation:
Security awareness training should occur before access is granted to ensure the new employee understands that security is part of the system and business process. All other choices imply that security awareness training is delivered subsequent to the granting of system access, which may place security as a secondary step.

CISM Certified Information Security Manager

Tag: Question 0958

CISM Certified Information Security Manager – Question0958