Certified Information Security Manager (CISM) — Question 374
To help ensure that an information security training program is MOST effective, its contents should be:
Answer options
- A. aligned to business processes.
- B. based on employees' roles.
- C. based on recent incidents.
- D. focused on information security policy.
Correct answer: B
Explanation
The correct answer is B: tailoring the training content to employees' roles ensures that the information is relevant and applicable to their specific responsibilities, which enhances retention and application. Aligning content with business processes, drawing on recent incidents, and focusing on information security policy are all important, but they do not directly address the unique needs and functions of each employee, and addressing those is crucial for effective training.