Certified Information Security Manager (CISM) — Question 195

Which of the following is the MOST effective way to help staff members understand their responsibilities for information security?

Answer options

• A. Require staff to sign confidentiality agreements.
• B. Require staff to participate in information security awareness training.
• C. Communicate disciplinary processes for policy violations.
• D. Include information security responsibilities in job descriptions.

Correct answer: B

Explanation

The most effective way to ensure that staff understand their responsibilities regarding information security is through awareness training, as it provides comprehensive knowledge and context. While signing confidentiality agreements, communicating disciplinary processes, and including responsibilities in job descriptions are important, they do not offer the same level of direct education and understanding as training does.