Certified in Risk and Information Systems Control (CRISC) — Question 1037
Which of the following would BEST help minimize the risk associated with social engineering threats?
Answer options
- A. Reviewing the organization's risk appetite
- B. Enforcing employee sanctions
- C. Enforcing segregation of duties
- D. Conducting phishing exercises
Correct answer: D
Explanation
Conducting phishing exercises is crucial as it directly educates employees about social engineering tactics and helps them recognize and respond appropriately to such threats. Reviewing risk appetite, enforcing employee sanctions, and enforcing segregation of duties may be important for overall security, but they do not specifically target the awareness and preparedness needed to combat social engineering attacks.