Certified Information Security Manager (CISM) — Question 750

Which of the following is the GREATEST benefit of conducting an organization-wide security awareness program?

Answer options

• A. More security incidents are detected
• B. Security behavior is improved
• C. The security strategy is promoted
• D. Fewer security incidents are reported

Correct answer: B

Explanation

The correct answer is B because improving security behavior leads to a more security-conscious culture within the organization, which is fundamental for long-term security success. While detecting more incidents (A) and promoting strategy (C) are beneficial, they do not directly enhance the overall security posture as effectively as improved behavior. Additionally, fewer incidents reported (D) may not necessarily indicate better security but could reflect a lack of awareness or reporting mechanisms.