Certified Information Security Manager (CISM) — Question 977
An employee clicked on a malicious link in an email, which resulted in the compromise of company data. What is the BEST way to mitigate this risk in the future?
Answer options
- A. Assess and update spam filtering rules.
- B. Establish an acceptable use policy.
- C. Implement disciplinary procedures.
- D. Conduct phishing awareness training.
Correct answer: D
Explanation
The correct answer is D, as conducting phishing awareness training equips employees with the knowledge to recognize and avoid malicious links in emails. While assessing spam filtering rules (A) and establishing a policy (B) can help, they do not directly address employee behavior. Implementing disciplinary procedures (C) may not prevent the initial act of clicking a malicious link.