Which of the following is the BEST reason to provide user awareness and training programs for organizational staff?
A. To ensure proper use of social media B. To reduce organizational IT risk C. To detail business impact analyses D. To train staff on zero-days
Answer: B
Explanation: Ideally, a security awareness training program for the entire organization should cover the following areas: Importance of security Responsibilities of people in the organization Policies and procedures Usage policies Account and password-selection criteria Social engineering prevention
You can accomplish this training either by using internal staff or by hiring outside trainers. This type of training will significantly reduce the organizational IT risk.