The number of reported incidents shows a behaviour change in the staff due to the awareness training they received. These reports came in from staff members of the company, which means they are wiser to phishing and other cyber attempts.
The correct answer is D. The number of reported security incidents.
Explanation: The number of reported security incidents provides the best measurement of the effectiveness of a security awareness program. An effective security awareness program aims to educate employees and users about security best practices, policies, and procedures. When users are more aware of security risks and how to respond to them, they are more likely to report suspicious activities or potential security incidents.
I think C is not a correct answer; C may be a correct answer if asked to measure the effectiveness of a Security Response Program. But here the question is to measure the effectiveness of the training program.
D. The number of reported security incidents.
The number of reported security incidents can be a valuable metric in evaluating the effectiveness of a security awareness program. When employees are well-educated and aware of security practices, they are more likely to recognize and report potential security incidents. An increase in the number of reported incidents can indicate that employees are actively engaged in the security program and are actively identifying and reporting suspicious activities or potential threats.
The correct answer is D. The number of reported security incidents. The reason is that as more employees are aware of potential security incidents, they will report more.
Rationale:
(A) Cost has nothing to do with the effectiveness of a program.
(B) The number can go up or down; this has less to do with the awareness of the employees than with the effectiveness of the controls.
(C) Meantime is great for measuring the response process but has little to do with the detection process which is the aim of a security awareness program.
Here the question asks how to measure security awareness, and the awareness programme is dedicated to the entire organization, so it cannot be that employees would analyze and solve the incident; the answer cannot be C. The answer should be D: an increased number of incidents detected by employees who are better trained to detect them after the awareness programme was conducted.