Certified Information Security Manager (CISM) — Question 955

An organization provides notebook PCs, cable wire locks, smartphone access, and virtual private network (VPN) access to its remote employees. Which of the following is MOST important for the information security manager to ensure?

Answer options

• A. Employees are trained on the acceptable use policy.
• B. Employees use smartphone tethering when accessing from remote locations.
• C. Employees use the VPN when accessing the organization's online resources.
• D. Employees physically lock PCs when leaving the immediate area.

Correct answer: A

Explanation

Training employees on the acceptable use policy is crucial because it sets clear guidelines for the secure and proper use of the provided resources. While using the VPN, smartphone tethering, and locking PCs are important actions for security, without proper training, employees may not understand or follow these practices effectively.