
CISSP Exam - Question 343


Which is the PRIMARY mechanism for providing the workforce with the information needed to protect an agency's vital information resources?

Correct Answer: B

Incorporating security awareness and training as part of the overall information security program is the primary mechanism for providing the workforce with the information needed to protect an agency's vital information resources. Educating employees and users about security risks, best practices, policies, and procedures equips them with the know-how to safeguard information resources effectively. While other options like IT security policy and access provisioning are important, they do not directly address the need for continuous education and awareness among employees, which is critical for an effective information security strategy.

Discussion

16 comments
WiDeBarulho (Option: B)
Oct 25, 2022

Security awareness and training will give you CIA (option "C"). This training will/shall also cover the concepts of need-to-know and least privilege (option "A"). Therefore option "B" is the most appropriate.

jackdryan
May 14, 2023

B is correct

Jay327 (Option: C)
Nov 16, 2022

I vote C "PRIMARY mechanism" Policy comes first and will include awareness and training program? Think like a manager :)

oudmaster
Dec 30, 2022

I agree with you. Security Policy can include many points other than user training, and it should provide enough/complete security to protect vital information assets.

ap0ls
Mar 10, 2024

Agree. Go with the more general or broader answer

eboehm
Apr 10, 2024

Did you even read the question? This is one of those questions that will get you in trouble by auto selecting an answer just cuz it has a policy in it. For one thing, this states an information technology policy. That tends to not be people/process specific. Secondly, yes there would be a policy in place. BUT a policy is not the way you PROVIDE users with the required information as the question asks.

CuteRabbit168 (Option: B)
Oct 11, 2022

Could B be a better answer? Security and awareness training…

franbarpro (Option: B)
Oct 26, 2022

The question says "providing the workforce with the information needed" - That sounds like training to me.

JohnyDal (Option: C)
Feb 11, 2023

Think like a manager... policy includes A, B, D... so C is the all-encompassing best managerial answer.

BoyBastos (Option: B)
Sep 4, 2023

B. Incorporating security awareness and training as part of the overall information security program. Incorporating security awareness and training as part of the overall information security program is the primary mechanism for providing the workforce with the information needed to protect an agency's vital information resources. Educating employees and users about security risks, best practices, policies, and procedures helps them understand their roles and responsibilities in safeguarding information resources. While the other options (implementation of access provisioning process, IT security policy, periodic security assessments) are important components of an information security program, security awareness and training play a critical role in ensuring that the workforce is informed and capable of protecting information resources effectively.

isaac592 (Option: B)
Oct 23, 2023

B - "providing the workforce"

isaac592
Oct 24, 2023

Also, it states it verbatim in NIST SP800 Ch4: "Establishing and maintaining a robust and relevant information security awareness and training program as part of the overall information security program is the primary conduit for providing the workforce with the information and tools needed to protect an agency’s vital information resources."

pingundas (Option: C)
Oct 28, 2022

Policies are information with instructions (must/must not). C seems to be right to me

SongOTD (Option: A)
Oct 18, 2022

Is it about need-to-know or least privilege? I was thinking about A.

IXone (Option: B)
Oct 30, 2022

keyword "Workforce" should be correct answer B

DJOEK (Option: B)
Jan 12, 2023

keyword "Workforce" should be correct answer B

Dee83 (Option: B)
Jan 31, 2023

B. Incorporating security awareness and training as part of the overall information security program.

HughJassole (Option: B)
Jun 5, 2023

B. "providing the workforce with the information" sounds like training of employees, hence B is the only match. C wouldn't work because it doesn't train and it is too specific. At my CISSP class the instructor cautioned against too specific of an answer, the strategy is to go with the most comprehensive since CISSP is about high level, not the details.

dark7ness (Option: B)
Jul 1, 2023

Security awareness is essential

YesPlease (Option: B)
Dec 21, 2023

Answer B) Incorporating security awareness and training as part of the overall information security program. Answer B includes C since it references an "overall information security program". C does not need to contain anything about end user training.

8e1c45b (Option: B)
Jul 19, 2024

vote for b