Question 52
Main Page
In an audit, the CISO is asked about metrics for security awareness. Which is most appropriate?
A. Firewall uptime
B. Number of users attending annual training
C. Number of users falling for phishing simulations
D. Count of antivirus definitions updated
Answer: Number of users falling for phishing simulations
Measuring susceptibility to phishing is a key indicator of user awareness effectiveness.