nerdexam
EC-Council

312-50V9 · Question #171

How can a policy help improve an employee's security awareness?

The correct answer is A. By implementing written security procedures, enabling employee security training, and promoting. Security policies improve employee awareness by establishing formal written procedures and structured training programs that set clear expectations for secure behavior.

Introduction to Ethical Hacking

Question

How can a policy help improve an employee's security awareness?

Options

  • ABy implementing written security procedures, enabling employee security training, and promoting
  • BBy using informal networks of communication, establishing secret passing procedures, and
  • CBy sharing security secrets with employees, enabling employees to share secrets, and
  • DBy decreasing an employee's vacation time, addressing ad-hoc employment clauses, and

How the community answered

(36 responses)
  • A
    94% (34)
  • B
    3% (1)
  • D
    3% (1)

Why each option

Security policies improve employee awareness by establishing formal written procedures and structured training programs that set clear expectations for secure behavior.

ABy implementing written security procedures, enabling employee security training, and promotingCorrect

Written security procedures formalize expectations and provide a documented reference employees can follow. Security training programs build the knowledge and skills needed to recognize and respond to threats. Together, these elements create a repeatable, measurable framework for organizational security awareness.

BBy using informal networks of communication, establishing secret passing procedures, and

Informal communication networks and secret passing procedures lack the structure and accountability required to effectively govern employee security behavior.

CBy sharing security secrets with employees, enabling employees to share secrets, and

Sharing security secrets with employees and enabling them to share secrets violates the need-to-know principle and increases the risk of unauthorized disclosure.

DBy decreasing an employee's vacation time, addressing ad-hoc employment clauses, and

Reducing vacation time and modifying ad-hoc employment clauses have no direct relationship to building or improving employee security awareness.

Concept tested: Security policy role in employee awareness training

Source: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-50.pdf

Topics

#security awareness#security policy#employee training#organizational security

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice