Certified in Risk and Information Systems Control (CRISC) — Question 616

Which of the following is MOST likely to deter an employee from engaging in inappropriate use of company-owned IT systems?

Answer options

• A. A centralized computer security response team
• B. Communication of employee activity monitoring
• C. Regular performance reviews and management check-ins
• D. Code of ethics training for all employees

Correct answer: B

Explanation

The correct answer is B because informing employees that their activities are being monitored can create a deterrent effect, making them less likely to engage in inappropriate behavior. While options A, C, and D contribute to overall security and ethics, they do not directly address the immediate awareness of monitoring that can prevent misuse.