Exam CISSP: All Questions
Question 107

Which of the following is an indicator that a company's new user security awareness training module has been effective?

    Correct Answer: B

    An effective user security awareness training module is likely to result in more incidents of phishing attempts being reported. When users are better trained, they become more adept at recognizing phishing attempts and are more likely to report them. Increased reporting indicates heightened awareness and vigilance among employees, implying that the training is successfully teaching them to identify and react to potential security threats.

Discussion
Cww1 (Option: B)

It's B, not C.

DERCHEF2009

Agree with B

dev46

Tricky options B & C - I ended up choosing C, but B is right. The whole idea of awareness training is to change user behaviour. When more incidents are reported, it's a good indicator that users are security aware and taking the right action.

jackdryan

B is correct

Soleandheel (Option: C)

C. Fewer incidents of phishing attempts are being reported. For those selecting B, you are mistaken. I understand your logic, you're thinking that employees will report more phishing attempts when they are more aware, but your approach of looking at it is flawed. When an awareness program is effective, employees will have fewer security incidents. There is a difference between a security event and a security incident. An incident usually means that the phishing event was successful and as such an incident that needs to be contained or mitigated. C. is the correct answer because fewer incidents will be reported because the phishing attempt events will not be successful to become incidents. I hope this makes sense to you. You have to be able to distinguish between a phishing event and a phishing incident. There is a difference between an event and an incident. Not all security events are incidents.

YesPlease

I would agree with you if the word "ATTEMPT" was not in the answers provided. Just getting a phishing email is considered an incident, but not a bad one if the attempt failed to get the user to click on the email content and it was reported instead.

DMOD (Option: C)

C is correct. It's all about wording. "Phishing attempts" leads us to answer B. But the scenario does not state if these attempts were successful or not. The word "incident" is the key. An incident indicates that the security event "phishing attempt" already had a negative effect on the organization - the phishing attempt was successful. This is why a successful awareness campaign should lead to FEWER incidents.

dumdada

You missed it. More are being REPORTED which means users now recognize phishing attempts and report them, which means the training was good. It's B.

Dee83 (Option: C)

C. Correct answer. "Fewer incidents of phishing attempts are being reported" is an indicator that a company's new user security awareness training module has been effective. This suggests that the employees are becoming more aware of phishing attempts and are therefore less likely to fall for them.

YesPlease (Option: B)

Answer B) More... If users are more aware, then they should be reporting MORE instances of phishing attempts.

homeysl (Option: B)

B. This is the goal of a phishing awareness program.

LalithW (Option: C)

Here most of the people have misunderstood the word "incident" and have voted for C. According to NIST, an incident is "an occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies." Simply, a security incident is an event that may indicate that an organization's systems or data have been compromised. So fewer incidents of phishing attempts being reported means that the awareness training is a success.

Soleandheel

You are right! Which means the correct answer is C. not B. ........C. Fewer incidents of phishing attempts are being reported. "People have misunderstood the word incident and have voted for B".

georgegeorge125487 (Option: B)

More aware means being able to identify and report.

Ramye (Option: B)

You have to wonder who/how ExamTopics is answering these questions! It appears they didn't even do simple research for providing answers.

nelombg (Option: B)

It's a tricky QUESTION, but the answer is B.

Socca (Option: B)

B is correct. The objective of awareness training is to change user behavior, and if the number of phishing incidents that have been reported has increased, it means that the awareness program has succeeded.

akinmoyeroolu (Option: C)

C. Fewer incidents of phishing attempts are being reported. An effective security awareness training module should lead to a decrease in successful phishing attempts, as users become more vigilant and cautious about identifying and reporting phishing attempts.

MShaaban (Option: B)

I go with B. After users' awareness, they are to be more vigilant and report more incidents. Whether those incidents are true or not is a different story, but the fact is they are more suspicious and they would report more incidents.

benllp_sst (Option: C)

"Incident" is the keyword. Fewer incidents means successful phishing is reduced.

benllp_sst

B is correct, mixed up "incident" and "accident"

Bach1968 (Option: C)

C. Fewer incidents of phishing attempts are being reported.

ap0ls

Agree with this logic

HughJassole (Option: B)

Sure seems like B. I get these phishing emails at work and click on "report phishing". Although, I now just ignore them since it's obvious to me this is phishing. My employer doesn't care though, but others take the report very seriously and can terminate you if you ignore. So this question actually has both B and C as answers, depending on the situation.

csco10320953 (Option: C)

It would be C, since it is the effective result.