A security team has established a security awareness program. Which of the following would BEST prove
the success of the program?

A.
Policies

B.
Procedures

C.
Metrics

D.
Standards

Explanation:
All types of training should be followed up- be tested to see if it worked and how much was learned in the
training process. You must follow up and gather training metrics to validate compliance and security
posture. By training metrics, we mean some quantifiable method for determining the efficacy of training.
Incorrect Answers:
A, B: A user-awareness program helps individuals in an organization understand how to implement
policies, procedures, and technologies to ensure effective security. Policies together with procedures are
part of the training and concerns that employees should be made aware of during the training process.
D: Standards refer to the types of policies and guidelines (the less formal type of policy) to measure risk
and weighing risk.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, p. 401