Certified in Risk and Information Systems Control (CRISC) — Question 597

Which of the following is the MOST important information to be communicated during security awareness training?

Answer options

• A. Corporate risk profile
• B. Recent security incidents
• C. Management's expectations
• D. The current risk management capability

Correct answer: C

Explanation

Management's expectations are essential as they set the tone for the organization's security culture and guide employees on their responsibilities. While the corporate risk profile, recent incidents, and current risk management capabilities are important, they do not directly inform employees about what is specifically expected from them in terms of security practices.