Which of the following is the BEST way for an IS auditor to validate that employees have been made aware of the organization's information security policy?
A. Interview employees to determine their level of understanding of the policy.
B. Compare the employee roster against a list of those who attended security training.
C. Review HR records for employee violations of the information security policy.
D. Review the training process to determine how policies are explained to employees.
I think B is correct. To "validate" that employees have been made aware, the most objective and straightforward way would be B. A relies on individual employees' ability to recall and explain the policy. Therefore, it may not accurately reflect whether they were made aware of the policy, especially if some time has passed since they had been told about it.