Certified Information Security Manager (CISM) — Question 590

The BEST indicator the effectiveness of a security program conducted for users is an increase in the number of:

Answer options

• A. social engineering attempts reported to information security
• B. requests for more security training information
• C. participants in the security awareness program
• D. threats detected by information security staff

Correct answer: A

Explanation

An increase in reported social engineering attempts indicates that users are becoming more aware of security threats and are actively engaging with the security program. The other options, while they may show some level of interest or activity, do not directly measure the effectiveness of user awareness in recognizing and reporting security threats.