Certified Chief Information Security Officer (CCISO) — Question 121
Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations. You have decided to deal with risk to information from people first.
How can you minimize risk to your most sensitive information before granting access?
Answer options
- A. Set your firewall permissions aggressively and monitor logs regularly
- B. Develop an Information Security Awareness program
- C. Conduct background checks on individuals before hiring them
- D. Monitor employee browsing and surfing habits
Correct answer: B
Explanation
The correct answer, B, emphasizes the importance of educating employees about information security, which directly addresses human factors in risk management. Options A, C, and D, while relevant, do not prioritize the proactive approach of raising awareness among current and potential employees regarding security practices.