You work as a security manager for SoftTech Inc. You are conducting a security awareness campaign
for your employees. One of the employees of your organization asks you the purpose of the security
awareness, training and education program. What will be your answer?
A. It improves the possibility for career advancement of the IT staff.
B. It improves the security of vendor relations.
C. It improves the performance of a company’s intranet.
D. It improves awareness of the need to protect system resources.
Explanation:
The purpose of security awareness, training, and education is to increase security by:
- Improving awareness of the need to protect system resources.
- Enhancing the skills and knowledge so that the computer users can perform their jobs more securely.
- Constructing in-depth knowledge, as needed, to design, implement, or operate security programs for
  organizations and systems.
- Making computer system users aware of their security responsibilities and teaching them correct
  practices, which helps users change their behavior.
It also supports individual accountability because without the knowledge of the necessary security
measures and how to use them, users cannot be truly accountable for their actions.
Answer options A, B, and C are incorrect; they are not valid answers to the above question.
CISM Review Manual 2010, Contents: “Information Security Program Management”