ISACA Exam Questions

What is the MOST cost-effective means of improving security awareness of staff personnel?

What is the MOST cost-effective means of improving security awareness of staff personnel?

Employee monetary incentives

User education and training

A zero-tolerance security policy

Reporting of security infractions

User education and training is the most cost-effective means of influencing staff to improve security since personnel are the weakest link in security. Incentives perform poorly without user education and training. A zero-tolerance security policy would not be as good as education and training. Users would not have the knowledge to accurately interpret and report violations without user education and training.