Certified in Risk and Information Systems Control (CRISC) — Question 757

Which of the following BEST indicates whether security awareness training is effective?

Answer options

• A. Course evaluation
• B. User behavior after training
• C. User self-assessment
• D. Quality of training materials

Correct answer: B

Explanation

User behavior after training directly reflects the impact of the security awareness training on their actions, making it the best indicator of effectiveness. Course evaluation and self-assessment may provide insights, but they don't measure actual changes in behavior. The quality of training materials is also important but does not directly assess training effectiveness.