CERTIFIED-IN-CYBERSECURITY Question #560: Real Exam Question with Answer & Explanation
The correct answer is A: A combination of education, training, and awareness activities.
Question
Which of the following best describes a robust security awareness training program?
Options
- A. A combination of education, training, and awareness activities
- B. Educating about potential threats
- C. Practical training on how to handle threats
- D. Awareness activities
Explanation
A robust security awareness program should include education, training, and awareness activities (see ISC2 Study Guide, Chapter 5, Module 4). Education informs employees about potential threats and security best practices. Training provides practical skills for dealing with security threats. Awareness activities update employees on the latest security threats and reinforce the importance of following security practices. For example, an organization might hold regular workshops (education), conduct simulated phishing attacks (training), and send monthly newsletters highlighting the latest cyber threats (awareness activities). Education about potential threats is not enough for a robust security awareness program. While education is important, it must be complemented by hands-on training and ongoing awareness activities. Hands-on threat response training is a critical component of a security awareness program, but it is not enough. Employees must also understand the nature of the threats they may face (education) and be regularly reminded of the importance of security (awareness). Awareness activities alone are not