Certified Information Security Manager (CISM) — Question 510

The MOST important objective of security awareness training for business staff is to:

Answer options

• A. understand intrusion methods.
• B. reduce negative audit findings.
• C. increase compliance.
• D. modify behavior.

Correct answer: D

Explanation

The correct answer, D, emphasizes that the main purpose of security awareness training is to alter employees' behavior to promote security best practices. While understanding intrusion methods, reducing negative audit findings, and increasing compliance are important, they are secondary to the fundamental aim of changing behavior to prevent security incidents.