Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
In the course of performing an Information Security audit an auditor confirms that the organization has an enterprise information security policy. However, interviews indicate that not all employees are aware of the organization's information security policy. What conclusion should the auditor make regarding this finding?
This lack of knowledge may lead to unintentional disclosure of sensitive information.
IS audit should provide mandatory security training to the employees.
Information security is not viewed as critical to all functions.
The audit finding will cause management to enhance training to staff.
All employees should be aware of the enterprise's information security policy to prevent unintentional disclosure of sensitive information. Training is a preventive control. Security awareness programs for employees can prevent unintentional disclosure of sensitive information to outsiders.
Study thousands of practice questions that organized by skills and ranked by difficulty.
Create a tailored training plan based on the knowledge you already possess.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.