Certified Information Systems Auditor (CISA) — Question 809
An IS auditor has found that despite an increase in phishing attacks over the past two years, there has been a significant decrease in the success rate. Which of the following is the MOST likely reason for this decline?
Answer options
- A. Implementation of a security awareness program
- B. Enhanced training for incident responders
- C. Implementation of an intrusion detection system (IDS)
- D. Development of an incident response plan
Correct answer: A
Explanation
The correct answer is A: a security awareness program educates users about phishing threats, leading to better recognition and reporting of such attempts. While enhanced training for incident responders, an IDS, and an incident response plan are beneficial, they do not directly address user awareness and behavior, which are crucial in reducing the success of phishing attacks.