Isaca Certified Information Systems Auditor CISA Question # 307 Topic 31 Discussion
CISA Exam Topic 31 Question 307 Discussion:
Question #: 307
Topic #: 31
Which of the following findings should be of GREATEST concern to an IS auditor reviewing an organization s newly implemented online security awareness program'?
A.
Only new employees are required to attend the program
B.
Metrics have not been established to assess training results
C.
Employees do not receive immediate notification of results
D.
The timing for program updates has not been determined
The greatest concern for an IS auditor reviewing an online security awareness program is that metrics have not been established to assess training results. Without metrics, it is difficult to measure the effectiveness of the program and identify areas for improvement. The other findings are alsoissues that need to be addressed, but they are not as significant as the lack of metrics. References: CISA Review Manual (Digital Version), Chapter 5, Section 5.3.11
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit