Certified in Risk and Information Systems Control (CRISC) — Question 624
Which of the following is the MOST important topic to cover in a risk awareness training program for all staff?
Answer options
- A. The risk department's roles and responsibilities.
- B. Policy compliance requirements and exceptions process.
- C. The organization's information security risk profile.
- D. Internal and external information security incidents.
Correct answer: B
Explanation
The correct answer is B because understanding policy compliance requirements and the exceptions process is essential for staff to adhere to security protocols effectively. While the other options provide valuable information, they do not directly influence employees' daily actions and decisions in the way that compliance requirements do.