Certified Information Systems Auditor (CISA) — Question 1270

An organization's security policy mandates that all new employees must receive appropriate security awareness training. Which of the following metrics would
BEST assure compliance with this policy?

Answer options

• A. Number of new hires who have violated enterprise security policies
• B. Percentage of new hires that have completed the training
• C. Number of reported incidents by new hires
• D. Percentage of new hires who report incidents

Correct answer: B

Explanation

The correct answer is B because tracking the percentage of new hires who have completed the training directly measures compliance with the security policy. Options A and C focus on violations and incidents, which do not indicate whether the training was completed, while option D is also irrelevant as it pertains to incident reporting rather than training completion.