One purpose of a security awareness program is to modify: A. employee's attitudes and behaviors towards enterprise's security posture B. management's approach towards enterprise's security posture C. attitudes of employees with sensitive data D. corporate attitudes about safeguarding data
Correct Answer: A
Explanation:
The Answer: security awareness training is to modify employees behaviour and attitude towards towards enterprise’s security posture.
Security-awareness training is performed to modify employees’ behavior and attitude toward security. This can best be achieved through a formalized process of security-awareness training.
It is used to increase the overall awareness of security throughout the company. It is targeted to every single employee and not only to one group of users.
Unfortunately you cannot apply a patch to a human being, the only thing you can do is to educate employees and make them more aware of security issues and threats. Never underestimate human stupidity.
Reference(s) used for this question:
TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation. also see: Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 130). McGraw-Hill. Kindle Edition.
Please disable your adblocker or whitelist this site!