Which would be the BEST recommendation to protect against phishing attacks?
A.
Install an anti spam system
B.
Publish security guidance for customers
C.
Provide security awareness to the organization’s staff
D.
Install an application-level firewall
Explanation:
Customers of the organization are the target of phishing attacks. Installing security software or training the organization’s staff will be useless. The effort should be put on the customer side.
I believe C is correct
I agree with the answer. B
I believe that correct answer is C. Publishing security guidance for customers will not assist in protecting your company against phishing attacks.
Provide security awareness to the organization’s staff on the other hand will.
The Official ISACA, CISM 8th edition, Review Questions/Answers and Explanations Manual; S3-40.
Q: Which of the following is MOST effective in protecting against the attack technique known as phishing?
A: Security awareness training
Also see: S2-37:
Q: Phishing is BEST mitigated by:
A: User awareness
I would NOT expect the term “organization’s staff” to make a difference.
C is correct answer – CISM Manual 2014
Over the question nothing mentioned related to customer, meant if the we are talking here about organization like bank providing service to customer what is the best recommendation to protect against phishing so for sure the answer will be publishing security guides to customer, but as this not mentioned so the correct one is the awareness which is C
first clear to protect who ?
As per in the explanation, i guess B is more accurate than C.
Security Awareness protects against phishing attacks for EVERYONE. Question says nothing specific to customers.
I believe that C is the correct answer, but B could be correct in a specific circumstance.