Certified Information Security Manager (CISM) — Question 426
The BEST way to identify the risk associated with a social engineering attack is to:
Answer options
- A. monitor the intrusion detection system (IDS).
- B. review single sign-on (SSO) authentication logs.
- C. perform a business risk assessment of the email filtering system.
- D. test user knowledge of information security practices.
Correct answer: D
Explanation
Social engineering targets people rather than systems, so the risk it poses is a function of how well users recognise and resist manipulation. Testing user knowledge of information security practices (for example through awareness quizzes or simulated phishing exercises) directly measures that human vulnerability, which is why D is the best answer. The other options are indirect: an IDS (A) detects technical intrusions but not a persuasive phone call or an employee handing over a password; SSO authentication logs (B) show authentication events only after credentials have already been compromised; and a risk assessment of the email filtering system (C) covers just one delivery channel for phishing, not pretexting by phone, in person, or through other media. None of them assesses user awareness and readiness against such attacks.