Certified Information Security Manager (CISM) — Question 929

Which of the following is the BEST way to reduce the risk of security incidents from targeted email attacks?

Answer options

• A. Conduct awareness training across the organization.
• B. Require acknowledgment of the acceptable use policy.
• C. Disable all incoming cloud mail services.
• D. Implement a data loss prevention (DLP) system.

Correct answer: A

Explanation

Conducting awareness training across the organization equips employees with the knowledge to recognize and respond to phishing attempts, making it the best choice. While requiring acknowledgment of the acceptable use policy and implementing a DLP system may provide some level of protection, they do not address the human factor as directly as training does. Disabling all incoming cloud mail services is impractical and would disrupt communication without effectively preventing targeted attacks.