Certified Information Systems Auditor (CISA) — Question 213
Which of the following would provide the BEST evidence of the effectiveness of mandated annual security awareness training?
Answer options
- A. Trending of social engineering test results
- B. Surveys completed by randomly selected employees
- C. Number of security incidents
- D. Results of a third-party penetration test
Correct answer: A
Explanation
Trending of social engineering test results directly measures employees' ability to recognize and respond to social engineering attacks, which is a key goal of security awareness training. Surveys and the number of security incidents provide some insight, but they do not assess the training's impact on real-world scenarios as effectively as trend data from social engineering tests. Third-party penetration test results focus on system vulnerabilities rather than employee awareness.