Certified Information Security Manager (CISM) — Question 1120
An information security manager has learned of an increasing trend in attacks that use phishing emails impersonating an organization's CEO in an attempt to commit wire transfer fraud. Which of the following is the BEST way to reduce the risk associated with this type of attack?
Answer options
- A. Temporarily suspend wire transfers for the organization.
- B. Provide awareness training to staff responsible for wire transfers.
- C. Disable emails for staff responsible for wire transfers.
- D. Provide awareness training to the CEO for this type of phishing attack.
Correct answer: B
Explanation
Providing awareness training to staff responsible for wire transfers helps them recognize and avoid phishing attempts, which reduces the risk of fraud. Temporarily suspending wire transfers or disabling emails does not address the root cause of the issue, and training only the CEO, whose identity is impersonated in these emails, won't protect the broader team involved in the wire transfer process.