ISACA Exam Questions

What is the MOST important reason for conducting security awareness programs throughout an
organization?

A. Reducing the human risk

B. Maintaining evidence of training records to ensure compliance

C. Informing business units about the security strategy

D. Training personnel in security incident response

Explanation:

People are the weakest link in security implementation, and awareness would reduce this risk.
Through security awareness and training programs, individual employees can be informed and
sensitized on various security policies and other security topics, thus ensuring compliance from
each individual. Laws and regulations also aim to reduce human risk. Informing business units
about the security strategy is best done through steering committee meetings or other forums.