After a number of highly publicized and embarrassing customer data leaks as a result of social engineering
attacks by phone, the Chief Information Officer (CIO) has decided user training will reduce the risk of another
data leak. Which of the following would be MOST effective in reducing data leaks in this situation?

A.
Information Security Awareness

B.
Social Media and BYOD

C.
Data Handling and Disposal

D.
Acceptable Use of IT Systems

Explanation:
Education and training with regard to Information Security Awareness will reduce the risk of data leaks and as
such forms an integral part of Security Awareness. By employing social engineering data can be leaked by
employees and only when company users are made aware of the methods of social engineering via Information
Security Awareness Training, you can reduce the risk of data leaks.