Which of the following findings should be of GREATEST concern for an IS auditor when auditing the effectiveness of a phishing simulation test administered for staff members?
A. Security awareness training was not provided prior to the test.
B. Staff members were not notified about the test beforehand.
C. Staff members who failed the test did not receive follow-up education.
D. Test results were not communicated to staff members.
While communicating test results to staff members (option D) is also important for providing feedback and promoting awareness, ensuring that staff members who failed the test receive follow-up education is crucial for addressing their vulnerabilities and improving the organization's overall security posture. Therefore, the finding that staff members who failed the test did not receive follow-up education should be of greatest concern for an IS auditor in this scenario.