Which choice would be an example of a cost-effective way to enhance security awareness in an
organization?
A.
Train only managers in implementing InfoSec controls.
B.
Calculate the cost-benefit ratio of the asset valuations for a risk analysis.
C.
Train every employee in advanced InfoSec.
D.
Create an award or recognition program for employees.