Which statement below is NOT true about security awareness, training, and educational programs?

A.
Security education assists management in determining who should be promoted.

B.
Security improves the users’ awareness of the need to protect information resources.

C.
Awareness and training help users become more accountable for their actions.

D.
Security education assists management in developing the in-house expertise to manage security
programs.

Explanation:
The purpose of computer security awareness, training, and education is to enhance security by:
Improving awareness of the need to protect system resources Developing skills and knowledge so
computer users can perform their jobs more securely Building in-depth knowledge, as needed, to
design, implement, or operate security programs for organizations and systems Making computer
system users aware of their security responsibilities and teaching them correct practices helps users
change their behavior. It also supports individual accountability because without the knowledge of
the necessary security measures and to how to use them, users cannot be truly accountable for their
actions. Source: National Institute of Standards and Technology, An Introduction to Computer
Security: The NIST Handbook Special Publication 800-12.