Certified in Risk and Information Systems Control (CRISC) — Question 990
An organization has been experiencing an increasing number of spear phishing attacks. Which of the following would be the MOST effective way to mitigate the risk associated with these attacks?
Answer options
- A. Implement a security awareness program.
- B. Require strong password complexity.
- C. Implement two-factor authentication.
- D. Update firewall configuration.
Correct answer: A
Explanation
The most effective way to combat spear phishing attacks is to implement a security awareness program (A), as it educates employees about recognizing and responding to such threats. While strong passwords (B) and two-factor authentication (C) enhance security, they do not specifically address the human factor involved in spear phishing. Updating firewall configurations (D) may help with general security, but it does not directly mitigate the risk posed by targeted phishing tactics.