Certified in Risk and Information Systems Control (CRISC) — Question 1026

Which of the following is the MOST effective way to validate organizational awareness of cybersecurity risk?

Answer options

• A. Implementing mock phishing exercises
• B. Requiring two-factor authentication
• C. Updating the information security policy
• D. Conducting security awareness training

Correct answer: A

Explanation

Implementing mock phishing exercises is the most effective way to validate awareness because it actively tests employees' responses to phishing attempts, revealing their understanding of cybersecurity risks. The other options, while important for security, do not directly measure awareness or understanding of risks in a practical scenario.