Certified in Risk and Information Systems Control (CRISC) — Question 1191

A risk practitioner has observed an increasing trend of phishing attempts directed at employees. Which of the following is the MOST important action to help mitigate the situation?

Answer options

• A. Report phishing attempt data to appropriate regulatory agencies.
• B. Subscribe to cyber intelligence services.
• C. Implement a targeted security awareness campaign.
• D. Ensure anti-malware applications are up to date.

Correct answer: C

Explanation

The correct answer is C because a targeted security awareness campaign educates employees on recognizing and responding to phishing attempts, which is essential for prevention. While reporting to regulatory agencies (A) and subscribing to cyber intelligence services (B) can provide some support, they do not directly empower employees to combat phishing. Keeping anti-malware applications up to date (D) is important but does not address the human factor in phishing attacks.