Certified in Risk and Information Systems Control (CRISC) — Question 683

Which of the following is the BEST indication of an improved risk-aware culture following the implementation of a security awareness training program for all employees?

Answer options

• A. An increase in the number of identified system flaws
• B. A reduction in the number of help desk calls
• C. An increase in the number of incidents reported
• D. A reduction in the number of user access resets

Correct answer: C

Explanation

The correct answer is C, as an increase in reported incidents suggests that employees are more aware of security issues and are actively reporting them, which indicates a stronger risk-aware culture. Options A and B do not directly reflect improved awareness, while D implies fewer issues rather than increased reporting of potential security incidents.