Certified in Risk and Information Systems Control (CRISC) — Question 1143

An insurance company handling sensitive and personal information from its customers receives a large volume of telephone requests and electronic communications daily. Which of the following is MOST important to include in a risk awareness training session for the customer service department?

Answer options

• A. Identifying social engineering attacks
• B. Archiving sensitive information
• C. Understanding the importance of using a secure password
• D. Understanding the incident management process

Correct answer: A

Explanation

Identifying social engineering attacks is crucial for customer service representatives, as they are often the first line of defense against such tactics aimed at compromising sensitive information. While archiving, password security, and incident management are important, they do not directly address the immediate threats posed by social engineering, which can lead to data breaches if not recognized and mitigated promptly.