The Chief Information Security Officer (CISO) should highlight social engineering as an area of increased vulnerability due to the lack of completion of security awareness training by employees. Social engineering attacks exploit human behavior, and employees who are not adequately trained are more likely to fall victim to phishing, pretexting, and other types of social engineering tactics. Increasing awareness and training helps employees recognize and respond appropriately to these threats.
References:
CompTIA CASP+ CAS-004 Exam Objectives, Section 4.3: Understand how to conduct risk management activities.
CompTIA CASP+ Study Guide, Chapter 9: Risk Management and Incident Response.