Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 149
Which of the following would be most effective in preventing phishing attacks from impacting business systems?
Answer options
- A. Training users on security awareness.
- B. Monitoring the usage of IT systems.
- C. Using software to detect malware.
- D. Blocking access to a user's accounts.
Correct answer: A
Explanation
Training users on security awareness is crucial because it empowers them to recognize and respond to phishing attempts effectively. While monitoring IT systems and using malware detection software are important security practices, they do not directly address the human factor, which is often exploited in phishing attacks. Blocking user access may limit damage but does not prevent the initial attack from occurring.