Certified Information Systems Auditor (CISA) — Question 722

Which of the following is the BEST way to prevent social engineering incidents?

Answer options

• A. Ensure user workstations are running the most recent version of antivirus software.
• B. Include security responsibilities in job descriptions and require signed acknowledgment.
• C. Maintain an onboarding and annual security awareness program.
• D. Enforce strict email security gateway controls.

Correct answer: C

Explanation

The correct answer is C because ongoing training and awareness programs equip employees with the knowledge to recognize and resist social engineering attempts. While the other options enhance security, they do not specifically address the human factor, which is critical in preventing social engineering attacks.