Certified Information Systems Auditor (CISA) — Question 479
An organization is experiencing a large number of phishing attacks targeting employees and executives following a press release announcing an acquisition.
Which of the following would provide the BEST defense against these attacks?
Answer options
- A. Conduct organization-wide awareness training.
- B. Deploy intrusion detection and prevention systems.
- C. Install spam filters on the acquired systems.
- D. Require signed acknowledgment of the organization's security policy.
Correct answer: A
Explanation
The best defense against phishing attacks is comprehensive awareness training for all employees, as it helps them recognize and respond effectively to such threats. While intrusion detection and prevention systems and spam filters can provide some level of protection, they cannot fully prevent targeted phishing attacks. Signed acknowledgments of the security policy do not actively educate employees on recognizing phishing attempts.