Ann a technician received a spear-phishing email asking her to update her personal information by
clicking the link within the body of the email. Which of the following type of training would prevent Ann
and other employees from becoming victims to such attacks?

A.
User Awareness

B.
Acceptable Use Policy

C.
Personal Identifiable Information

D.
Information Sharing

Explanation:
Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an
individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit
card number, or patient record. Employees should be made aware of this type of attack by means of
training.
Incorrect Answers:
A: A user-awareness program helps individuals in an organization understand how to implement policies,
procedures, and technologies to ensure effective security.
B: Acceptable use policy describes how employees are allowed to use company systems and resources,
and the consequences of misuse.
D: Information sharing is controlled using privacy policies. Privacy policies are implemented to maintain
the sanctity of data privacy in the work environment.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 24-25, 404