Which type of policy BEST helps to ensure that all employees, contractors, and third-party users receive formal communication regarding an organization’s security program?
The information security training policy ensures that everyone within the organization, including contractors and third-party users, receives the appropriate level of security awareness and training. This policy defines how the organization communicates its security requirements, expectations, and best practices.
“Information security training policies and programs ensure that all personnel are aware of and understand the security requirements and their individual responsibilities.”
— CISM Review Manual 15th Edition, Chapter 3: Information Security Program Development and Management, Section: Security Awareness and Training
The ISACA CISM practice questions emphasize that a clear training policy is the best way to communicate security practices to all involved parties.