
CISM Question #462: Real Exam Question with Answer & Explanation

The correct answer is D: More user-reported information security incidents.

Submitted by yousef_jo · Apr 18, 2026 · Information Security Program Development and Management

Question

Which of the following BEST indicates the effectiveness of an information security awareness program?

Options

  • A. Fewer data loss prevention (DLP) incident reports
  • B. Improved end-user feedback regarding security training
  • C. Fewer phishing incidents
  • D. More user-reported information security incidents

Explanation

An increase in user-reported security incidents is the strongest behavioral indicator that an awareness program is working. It shows that employees recognize suspicious activity and feel confident and empowered to report it - a direct outcome of effective training. Fewer DLP alerts (A) or fewer phishing incidents (C) could result from technical controls rather than awareness. Positive user feedback (B) reflects satisfaction with training content, not necessarily a change in security behavior.

Topics

#Security Awareness #Program Effectiveness #Security Metrics #Incident Reporting
