312-50V9 · Question #171
How can a policy help improve an employee's security awareness?
The correct answer is A. By implementing written security procedures, enabling employee security training, and promoting. Security policies improve employee awareness by establishing formal written procedures and structured training programs that set clear expectations for secure behavior.
Question
How can a policy help improve an employee's security awareness?
Options
- ABy implementing written security procedures, enabling employee security training, and promoting
- BBy using informal networks of communication, establishing secret passing procedures, and
- CBy sharing security secrets with employees, enabling employees to share secrets, and
- DBy decreasing an employee's vacation time, addressing ad-hoc employment clauses, and
How the community answered
(36 responses)- A94% (34)
- B3% (1)
- D3% (1)
Why each option
Security policies improve employee awareness by establishing formal written procedures and structured training programs that set clear expectations for secure behavior.
Written security procedures formalize expectations and provide a documented reference employees can follow. Security training programs build the knowledge and skills needed to recognize and respond to threats. Together, these elements create a repeatable, measurable framework for organizational security awareness.
Informal communication networks and secret passing procedures lack the structure and accountability required to effectively govern employee security behavior.
Sharing security secrets with employees and enabling them to share secrets violates the need-to-know principle and increases the risk of unauthorized disclosure.
Reducing vacation time and modifying ad-hoc employment clauses have no direct relationship to building or improving employee security awareness.
Concept tested: Security policy role in employee awareness training
Source: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-50.pdf
Topics
Community Discussion
No community discussion yet for this question.