Certified Information Security Manager (CISM) — Question 694
Which of the following is the BEST method to reduce the risk of an information security breach due to spear phishing?
Answer options
- A. Implementing a vulnerability management program
- B. Deploying an intrusion protection system (IPS)
- C. Establishing a company-wide information security awareness plan
- D. Reviewing log files daily to identify any suspicious activity
Correct answer: C
Explanation
Option C is correct because a company-wide awareness plan educates employees about security threats, which is crucial for preventing spear phishing attacks. While A, B, and D are important security measures, they do not directly address the human element that spear phishing exploits, making them less effective in this context.