Mark works as a security manager for SoftTech Inc. He is performing a security awareness program.
To be successful in performing the awareness program, he should take into account the needs and
current levels of training and understanding of the employees and audience.
There are five key ways, which Mark should keep in mind while performing this activity.
Current level of computer usage
What the audience really wants to learn
How receptive the audience is to the security program
How to gain acceptance
Who might be a possible ally
Which of the following activities is performed in this security awareness process?
A.
Separation of duties
B.
Stunned owl syndrome
C.
Audience participation
D.
Audience segmentation
Explanation:
Audience segmentation means separating and organizing mass audience into minor groups of
people who have similar communication related needs, preferences and characteristics. The security
awareness program takes into account the requirements and current levels of training and
understanding of the employees and audience. To establish a successful segmentation of the user
audience, following points should be considered.
Current level of computer usage
What the audience really wants to learn
How receptive the audience is to the security program
How to gain acceptance
Who might be a possible ally
Answer option A is incorrect. Separation of duties is the concept and a part of an organization’s
policy of having more than one person required to complete a task. It implements an appropriatelevel of checks and balances upon the activities of individuals. With the concept of SoD, business
critical duties can be categorized into four types of functions. authorization, custody, record keeping,
and reconciliation. In a perfect system, no person should handle more than one type of function.
Separation of duties helps reduce the potential damage from the actions of one person. As an
organization’s policy it also helps to prevent collusion.
Answer option C is incorrect. It is not a valid answer for this Question Answer option
B is incorrect. Stunned owl syndrome is a method where the words no longer go in one ear and out
the other.
CISM Review Manual 2010, Contents. “Information security program management”