Which of the following is the MOST likely to change an organization’s culture to one that is more
security conscious?
A.
Adequate security policies and procedures
B.
Periodic compliance reviews
C.
Security steering committees
D.
Security awareness campaigns
Explanation:
Security awareness campaigns will be more effective at changing an organizational culture than
the creation of steering committees and security policies and procedures. Compliance reviews are
helpful; however, awareness by all staff is more effective because compliance reviews are focused
on certain areas groups and do not necessarily educate.