Certified Information Systems Security Professional (CISSP) — Question 50
Which of the following is performed to determine a measure of success of a security awareness training program designed to prevent social engineering attacks?
Answer options
- A. Employee evaluation of the training program
- B. Internal assessment of the training program's effectiveness
- C. Multiple choice tests to participants
- D. Management control of reviews
Correct answer: B
Explanation
The correct answer is B because conducting an internal assessment provides a comprehensive evaluation of the program's effectiveness in achieving its goals. Options A and C focus on subjective feedback and knowledge checks, respectively, neither of which fully measures overall effectiveness, while D pertains to management oversight rather than direct assessment.