PECB Lead Implementer (ISO/IEC 27001) — Question 104
Scenario 6: Skyver offers worldwide shipping of electronic products, including gaming consoles, flat-screen TVs, computers, and printers. In order to ensure information security, the company has decided to implement an information security management system (ISMS) based on the requirements of ISO/IEC 27001.
Colin, the company’s best information security expert, decided to hold a training and awareness session for the personnel of the company regarding the information security challenges and other information security-related controls. The session included topics such as Skyver’s information security approaches and techniques for mitigating phishing and malware.
One of the participants in the session is Lisa, who works in the HR Department. Although Colin explains Skyver’s existing information security policies and procedures in an honest and fair manner, she finds some of the issues being discussed too technical and does not fully understand the session. Therefore, in a lot of cases, she requests additional help from the trainer and her colleagues.
Based on the scenario above, answer the following question:
How should Colin have handled the situation with Lisa?
Answer options
- A. Extend the duration of the training and awareness session in order to be able to achieve better results
- B. Promise Lisa that future training and awareness sessions will be easily understandable
- C. Deliver training and awareness sessions for employees with the same level of competence needs based on the activities they perform within the company
Correct answer: C
Explanation
The correct answer is C because it emphasizes the importance of tailoring training to the specific knowledge levels of employees, ensuring that everyone can fully comprehend the material. Extending the session (A) may not address Lisa's comprehension issues effectively, while promising future simplicity (B) does not provide immediate support for her current understanding.