Certified in Risk and Information Systems Control (CRISC) — Question 503

An organization is developing a security risk awareness training program for the IT help desk and has asked the risk practitioner for suggestions. In addition to technical topics, which of the following is MOST important to recommend be included in the training?

Answer options

• A. Identity verification procedures
• B. Incident reporting procedures
• C. Security policy review
• D. Password selection options

Correct answer: B

Explanation

The correct answer is B, as incident reporting procedures are vital for ensuring that any security incidents are promptly reported and managed, thereby reducing potential risks. While identity verification, security policy review, and password selection are important, they do not directly address the immediate need for awareness and action in the event of a security incident.