Exam CRISC
Question 1137

Which of the following findings of a security awareness program assessment would cause the GREATEST concern to a risk practitioner?

    Correct Answer: C

    The greatest concern for a risk practitioner would be if the program has not considered business impact. Security awareness programs need to be aligned with the organization's specific risk profile, industry requirements, and operational processes to effectively mitigate risks. Without considering the business impact, the program could fail to address critical areas, resulting in significant vulnerabilities and potential security incidents that could severely affect business operations.

Discussion
tomiabiodun, Option: B

Security awareness training needs to be tailored to the audience for it to be effective.

K5000ism, Option: C

Answer is C. A security awareness program's primary goal is to mitigate risks by educating employees about security practices, potential threats, and the behaviors expected of them to protect the organization's assets. If the program has not considered the business impact, it means it may not be aligned with the organization's specific risk profile, industry requirements, or operational processes. This misalignment could result in significant gaps in employee understanding and preparedness, leading to heightened vulnerability to security incidents that could have severe business consequences.