Which one of the following is the MAIN goal of a security awareness program when addressing
senior management?
A.
Provide a vehicle for communicating security procedures.
B.
Provide a clear understanding of potential risk and exposure.
C.
Provide a forum for disclosing exposure and risk analysis.
D.
Provide a forum to communicate user responsibilities.
Explanation:
When the Security Officer is addressing Senior Management, the focus would not be on user
responsibilities, it would be on making sure the Senior Management have a clear understanding of
the risk and potential liability is
Not D: Item D would be correct in a situation where Senior Management is addressing
organizational staff.
For D, the Senior Management would not be communicating with the organizational staff. The information to the staff would follow a top down approach thru the CISO.