Certified Information Security Manager (CISM) — Question 402

Which of the following is the MOST effective way to ensure information security policies are understood?

Answer options

• A. Implement a whistle-blower program.
• B. Document security procedures.
• C. Include security responsibilities in job descriptions.
• D. Provide regular security awareness training.

Correct answer: D

Explanation

Providing regular security awareness training is the most effective way to ensure understanding, as it actively engages employees and reinforces the importance of security policies. While documenting procedures and including responsibilities in job descriptions are valuable, they do not ensure comprehension as effectively as ongoing training. A whistle-blower program does not address understanding of policies directly.