Certified in Risk and Information Systems Control (CRISC) — Question 1093

Which of the following is the BEST evidence of the effectiveness of a security awareness program?

Answer options

• A. An increase in the number of user-reported security issues
• B. A decrease in the number of security threats
• C. An increase in the number of key performance indicators (KPIs)
• D. A decrease in the number of failed login attempts

Correct answer: A

Explanation

An increase in user-reported security issues suggests that employees are more aware of potential threats and are actively engaging with security protocols. Conversely, a decrease in security threats (B) may not directly correlate with awareness, as it could result from other factors. Similarly, an increase in KPIs (C) or a decrease in failed login attempts (D) do not specifically reflect the effectiveness of the awareness program itself.