Certified Information Systems Security Professional (CISSP) — Question 38

Which is the PRIMARY mechanism for providing the workforce with the information needed to protect an agency's vital information resources?

Answer options

• A. Implementation of access provisioning process for coordinating the creation of user accounts
• B. Incorporating security awareness and training as part of the overall information security program
• C. An information technology (IT) security policy to preserve the confidentiality, integrity, and availability of systems
• D. Execution of periodic security and privacy assessments to the organization

Correct answer: B

Explanation

The correct answer is B because incorporating security awareness and training is crucial for ensuring that the workforce understands their role in protecting vital information resources. Options A, C, and D, while important, are more focused on processes and policies rather than directly providing information to employees, which is the primary goal here.