Certified Information Security Manager (CISM) — Question 1110
Unintentional behavior by an employee caused a major data loss incident. Which of the following is the BEST way for the information security manager to prevent recurrence within the organization?
Answer options
- A. Improve the security awareness training program
- B. Communicate consequences for future instances
- C. Implement compensating controls
- D. Enhance the data loss prevention (DLP) solution
Correct answer: A
Explanation
The best answer is to improve the security awareness training program. The incident was caused by unintentional behavior, which points to a gap in employee knowledge or awareness rather than malicious intent, and training is the control that directly addresses that root cause and reduces the likelihood of recurrence across the organization. Communicating consequences (B) may deter deliberate misconduct but does little against mistakes made by employees who did not know they were doing anything wrong, and compensating controls (C) mitigate the impact of the behavior without changing it. Enhancing the DLP solution (D) can reduce the impact of future errors, but it treats the symptom; without addressing employee awareness, the underlying behavior that caused the incident remains and the risk of similar incidents stays high.