nerdexam
(ISC)2

CISSP-ISSMP · Question #183

You work as a security manager for SoftTech Inc. You are conducting a security awareness campaign for your employees. Which of the following ideas will you consider the best when conducting a security

The correct answer is C. Provide customized messages for different groups.. Providing customized messages for different groups is the most effective approach because different employee roles face different security threats, have different technical knowledge levels, and interact with sensitive systems in different ways. A system administrator needs techn

Security Leadership and Management

Question

You work as a security manager for SoftTech Inc. You are conducting a security awareness campaign for your employees. Which of the following ideas will you consider the best when conducting a security awareness campaign?

Options

  • ATarget system administrators and the help desk.
  • BProvide technical details on exploits.
  • CProvide customized messages for different groups.
  • DTarget senior managers and business process owners.

How the community answered

(43 responses)
  • A
    2% (1)
  • B
    9% (4)
  • C
    81% (35)
  • D
    7% (3)

Explanation

Providing customized messages for different groups is the most effective approach because different employee roles face different security threats, have different technical knowledge levels, and interact with sensitive systems in different ways. A system administrator needs technical, in-depth security guidance, while an HR employee needs awareness around phishing and data privacy. Targeting only system administrators and help desk (A) or only senior managers (D) ignores the broader employee population, which is often the primary vector for social engineering attacks. Providing technical details on exploits (B) is inappropriate for a general awareness campaign - most employees do not need exploit-level detail and such content can overwhelm or confuse non-technical staff, reducing campaign effectiveness.

Topics

#Security Awareness#Security Training#Communication Strategy#Program Management

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSMP Practice