Certified in Risk and Information Systems Control (CRISC) — Question 982
Which of the following is the BEST recommendation to address recent IT risk trends that indicate social engineering attempts are increasing in the organization?
Answer options
- A. Update spam filters.
- B. Conduct a simulated phishing attack.
- C. Strengthen disciplinary procedures.
- D. Revise the acceptable use policy.
Correct answer: B
Explanation
The correct answer is B: conducting a simulated phishing attack educates employees about the tactics used in social engineering, which increases their awareness and preparedness. Options A, C, and D are beneficial for overall security, but they do not directly address the specific challenge posed by social engineering attempts.