Exam CISM topic 1 question 220 discussion

Actual exam question from Isaca's CISM
Question #: 220
Topic #: 1

Information security awareness programs are MOST effective when they are:

  • A. sponsored by senior management.
  • B. reinforced by computer-based training.
  • C. customized for each target audience.
  • D. conducted at employee orientation.
Suggested Answer: C

Comments

vavofa5697
Highly Voted 1 year, 8 months ago
Selected Answer: A
It should be A, because senior management's endorsement of the program and its importance to the organization sends a clear message to employees about the significance of information security.
upvoted 8 times
[Removed]
1 year, 3 months ago
Endorsement by management doesn't mean they're effective
upvoted 4 times
oluchecpoint
Most Recent 9 months ago
Selected Answer: C
C. customized for each target audience. Effective information security awareness programs should be tailored to the specific needs and characteristics of the target audience. Different groups within an organization may have varying levels of knowledge, responsibilities, and potential security risks. Customizing the program ensures that the content is relevant and relatable to the individuals receiving the training, making it more likely to be effective in raising awareness and promoting good security practices.
upvoted 2 times
Uncle_Lucifer
10 months, 2 weeks ago
Selected Answer: C
What's going on here? The question asks for most effective. Endorsement vs tailored delivery of training? --> customized delivery is more effective. C is the most correct answer. Management endorsement is the first action, but it is not the best for effectiveness.
upvoted 2 times
POWNED
11 months, 1 week ago
Selected Answer: C
A training video with nothing but a poop emoji dancing for 30 min could be endorsed by senior management, is it effective....I will let you answer that. Answer is C
upvoted 2 times
Soleandheel
11 months, 1 week ago
What makes it challenging is that they decided to use the word "Sponsored" instead of "endorsed". If a program is endorsed and supported by senior management it's always better, which would make A the best answer choice. However, the word used is "Sponsored", which is not necessarily a synonym of "endorsed" or "supported"... or one could argue it means the same thing. If you sponsor it, does it mean you endorse it? Technically yes!
upvoted 1 times
DonnyX
1 year ago
Selected Answer: A
My 20 yrs exp. tells me it's A. Nothing can be more helpful than a tone at the top. Even providing customized training cannot be the most effective, trust me. It must be A.
upvoted 2 times
oluchecpoint
1 year, 1 month ago
C. customized for each target audience. Effective information security awareness programs should be tailored to the specific needs and characteristics of the target audience. Different groups within an organization may have varying levels of knowledge, responsibilities, and potential security risks. Customizing the program ensures that the content is relevant and relatable to the individuals receiving the training, making it more likely to be effective in raising awareness and promoting good security practices.
upvoted 2 times
[Removed]
1 year, 2 months ago
Selected Answer: C
The ISACA's CISM Review Manual 15th Edition emphasizes the importance of customizing security awareness programs for different target audiences: "The success of the security awareness program depends on how well it is tailored to its audience. One-size-fits-all approaches are usually less effective. Different groups within the organization have different roles and responsibilities and, therefore, need to be made aware of different aspects of security."
upvoted 4 times
DavoA
1 year, 2 months ago
Selected Answer: C
Totally agree with albin_kurti - "Endorsement by management doesn't mean they're effective"
upvoted 1 times
richck102
1 year, 4 months ago
A. sponsored by senior management.
upvoted 1 times
sedardna
1 year, 5 months ago
Selected Answer: C
I have my doubts. Supposedly there is already a program, so senior management has already demonstrated its involvement.
upvoted 1 times
dark_3k03r
1 year, 5 months ago
Selected Answer: A
The correct answer is (A) sponsored by senior management. As sponsorship usually brings:
- Top-down support and endorsement of the program
- Allocation of sufficient resources (financial and human) for the program
- Integration of the program with the overall organizational goals and strategies
- Accountability and ownership for the success of the program
- Visibility and credibility for the program
- Promotion of a culture of security awareness
- Reinforcement of the importance as a business priority

Rationale:
- (B.) reinforced by computer-based training is not correct cause it doesn't show the organization's commitment to the training
- (C.) customized for each target audience, this is incredibly important, but without the financial support, promotion, or enforcement of management sponsorship this won't get far.
- (D.) conducted at employee orientation, this is great, but not sufficient for the long-term value.
upvoted 1 times
User21
1 year, 5 months ago
Selected Answer: C
customised training plan makes it effective
upvoted 2 times