Certified Information Security Manager (CISM) — Question 341

Which of the following is the BEST indication of an effective information security awareness training program?

Answer options

• A. An increase in the identification rate during phishing simulations
• B. An increase in the speed of incident resolution
• C. An increase in positive user feedback
• D. An increase in the frequency of phishing tests

Correct answer: A

Explanation

The correct answer, A, indicates that users are becoming more adept at recognizing phishing attempts, which is the primary goal of security awareness training. While B, C, and D are positive outcomes, they do not directly measure the effectiveness of the training in enhancing users' ability to identify phishing attacks.