The greatest benefit of an effective awareness program is the reduction of security incidents (B). CISM stresses that awareness aims to change behavior, which directly lowers the likelihood of incidents such as phishing, data leakage, and policy violations. Compliance (A), accountability (C), and metrics (D) are secondary outcomes. The true measure of success is improved risk posture through fewer and less severe incidents.
[References: ISACA CISM Review Manual (Program management—security awareness and behavior); CISM Exam Content Outline (Domain 3)., , , ]
Submit