nerdexam
(ISC)2

CISSP · Question #1394

What is the PRIMARY purpose of creating and reporting metrics for a security awareness, training, and education program?

The correct answer is B. Measure the effect of the program on the organization's workforce.. Metrics are used to evaluate the effectiveness and efficiency of a security awareness, training, and education program. They can help to identify the strengths and weaknesses of the program, the level of knowledge and skills of the workforce, the impact of the program on the orga

Submitted by eva_at· Mar 5, 2026Security and Risk Management

Question

What is the PRIMARY purpose of creating and reporting metrics for a security awareness, training, and education program?

Options

  • AMake all stakeholders aware of the program's progress.
  • BMeasure the effect of the program on the organization's workforce.
  • CFacilitate supervision of periodic training events.
  • DComply with legal regulations and document due diligence in security practices.

How the community answered

(22 responses)
  • A
    14% (3)
  • B
    59% (13)
  • C
    5% (1)
  • D
    23% (5)

Explanation

Metrics are used to evaluate the effectiveness and efficiency of a security awareness, training, and education program. They can help to identify the strengths and weaknesses of the program, the level of knowledge and skills of the workforce, the impact of the program on the organization's security posture and culture, and the return on investment of the program. Metrics can also help to communicate the value and benefits of the program to the stakeholders, such as management, employees, customers, and regulators.

Topics

#Security awareness#Training metrics#Program effectiveness#Risk management

Community Discussion

No community discussion yet for this question.

Full CISSP Practice