Certified Information Security Manager (CISM) — Question 591
Which of the following is the MOST effective way to prevent information security incidents?
Answer options
- A. Deploying intrusion detection tools in the network environment
- B. Deploying a consistent incident response approach
- C. Implementing a security information and event management (SIEM) tool
- D. Implementing a security awareness training program for employees
Correct answer: D
Explanation
Implementing a security awareness training program for employees is crucial because it empowers staff to recognize and respond to potential threats, thereby reducing the likelihood of security breaches. While the other options enhance security measures, they do not directly address human factors, which are often the weakest link in security. An informed workforce can prevent incidents better than reliance on technology or response procedures alone.