CISM Certified Information Security Manager – Question1025

An organization implemented a mandatory information security awareness training program a year ago. What is the BEST way to determine its effectiveness?

A.
Analyze findings from previous audit reports
B. Analyze results from training completion reports
C. Analyze results of a social engineering test
D. Analyze responses from an employee survey of training satisfaction

Correct Answer: C