Which choice would be an example of a cost-effective way to enhance
security awareness in an organization?

A.
Train only managers in implementing InfoSec controls.

B.
Calculate the cost-benefit ratio of the asset valuations for a risk
analysis.

C.
Train every employee in advanced InfoSec.

D.
Create an award or recognition program for employees.