Certified Information Systems Auditor (CISA) — Question 913

Which of the following BEST indicates that the effectiveness of an organization's security awareness program has improved?

Answer options

• A. An increase in the number of staff who complete awareness training
• B. A decrease in the number of malware outbreaks
• C. An increase in the number of phishing emails reported by employees
• D. A decrease in the number of information security audit findings

Correct answer: C

Explanation

The correct answer is C, as an increase in reported phishing emails suggests that employees are more vigilant and aware of security threats. Options A, B, and D, while potentially indicative of better security practices, do not directly reflect the effectiveness of the awareness program itself.