I would appreciate it, if answer option D would avoid using the word "incident" and use the word "event" instead. An incident is a confirmed security issue (e.g., attack, vulnerability) and incident response must be triggered. Events are cases where the reported matter must be assessed, before declaring an actual incident.
In this case, an increase in reported security events demonstrates a heightened user awareness towards security. Hence it's a good indication of an effective awareness program.
B. Reduction in the impact of security incidents
D happens naturally but is a bad sign that user report unnecessary case
B should be the purpose of the campaign, compare to C
D. For the ones saying that is C, how you gonna know if the decrease of security incidents is simply because there are less attacks or because the awareness training was good? If people report more things is a clear indicator that the awareness was good.
The best indication of the effectiveness of a recent information security awareness campaign delivered across the organization is a decrease in the number of security incidents
This section is not available anymore. Please use the main Exam Page.CISM Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
ccKane
Highly Voted 1 year, 10 months agoJosef4CISM
Most Recent 6 months agoxcjxcj
11 months agoMarcelus1714
11 months, 2 weeks agoSoleandheel
1 year, 1 month agorichck102
1 year, 6 months agoJae_kes
1 year, 6 months agoad_27
1 year, 8 months agobambs
1 year, 9 months agoccKane
1 year, 10 months ago