Tricky options B & C - I ended up choosing C, but B is right
The whole idea of awareness training is to change user behaviour. When more incidents are reported, it's a good indicator that users are security aware and taking the right action
C. Fewer incidents of phishing attempts are being reported. For those selecting B, you are mistaken. I understand your logic, you're thinking that employees will report more phishing attemps when they are more away but your approach of looking at it is flawed. When an awareness program is effective, employees will have fewer security incidents. There is a difference between a security event and a security incident. An incident usually means that the phishing event was successful and as such an incident that needs to be contained or mitigated. C. is the correct answer because fewer incidents will be reported because the phishing attempt events will not be successful to become incidents. I hope this makes sense to you. You have to be able to distinguish between a phishing event and a phishing incident. There is a difference between an event and an incident. Not all security events are incidents.
I would agree with you if the word "ATTEMPT" was not in the answers provided. Just getting a phishing email is considered an incident, but not a bad one if the attempt failed to get the user to click on the email content and it was reported instead.
B is correct
The objective of awareness training is to change user behavior and if the number of phising incident that have reported is increased means that the awareness program has succeeded
Here most of the people have misunderstood the word Incident and have voted for C.
According to NIST, an Incident is An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.
Simply, a security incident is an event that may indicate that an organization's systems or data have been compromised.
So fewer incidents of phishing attempts are being reported means that the awareness training are success.
You are right! Which means the correct answer is C. not B. ........C. Fewer incidents of phishing attempts are being reported. "People have misunderstood the word incident and have voted for B".
C. Fewer incidents of phishing attempts are being reported.
An effective security awareness training module should lead to a decrease in successful phishing attempts, as users become more vigilant and cautious about identifying and reporting phishing attempts.
I go with B. After users awareness they are to be more vigilant and report more incidents. Whether those incidents are true or not it is a different story, but the fact they are more suspicious and they would report more incidents.
Sure seems like B. I get these phishing emails at work and click on "report phishing". Although, I now just ignore them since it's obvious to me this is phishing. My employer doesn't care though, but others take the report very seriously and can terminate you if you ignore. So this question actually has both B and C as answers, depending on the situation.
C is correct.
It's all about wording.
"fishing attempts" leads us to answer B. But the scenario does not state if these attempts were successful or not.
The word "incident" is the key. An incident indicates that the security event "fishing attempt" already had an negative effect on the organization - the fishing attempt was successful.
This is why a successful awareness campaign should lead to FEWER incidents.
C. Correct answer
Fewer incidents of phishing attempts are being reported is an indicator that a company's new user security awareness training module has been effective. This suggests that the employees are becoming more aware of phishing attempts and are therefore less likely to fall for them.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Cww1
Highly Voted 2 years, 3 months agojackdryan
1 year, 7 months agoDERCHEF2009
2 years, 3 months agodev46
2 years, 3 months agoRamye
Most Recent 6 months agodeeden
4 months, 3 weeks agonelombg
9 months, 2 weeks agoYesPlease
1 year agoSoleandheel
1 year agoYesPlease
1 year agohomeysl
1 year, 2 months agoSocca
1 year, 2 months agoLalithW
1 year, 2 months agoSoleandheel
1 year agogeorgegeorge125487
1 year, 4 months agoakinmoyeroolu
1 year, 4 months agoMShaaban
1 year, 4 months agobenllp_sst
1 year, 4 months agobenllp_sst
1 year, 4 months agoBach1968
1 year, 5 months agoap0ls
9 months agoHughJassole
1 year, 6 months agodmo_d
1 year, 7 months agodumdada
1 year, 6 months agocsco10320953
1 year, 9 months agoDee83
1 year, 11 months ago