1.13 Establish and Maintain A Security Awareness, Education, and Training Program Flashcards

1
Q

Who is Responsible for Security?

A

Everyone!

2
Q

How can a company ensure all employees understand their security responsibilities?

A

Through ongoing awareness, training, and education.

3
Q

What is the goal of fostering Awareness in an organization?

A

To create cultural sensitivity to a given topic or issue.

4
Q

What are ways organizations can promote awareness of security responsibilities?

A

Phishing campaigns, lunch and learns, and awareness posters.

5
Q

What is the purpose of Training?

A

To provide specific skills needed to perform a task related to security. This includes phishing campaigns, firewall admin training to configure firewall rules, and security officer training to handle specific situations.

6
Q

What does Awareness Do? Who is Responsible?

A

Raises cultural awareness and sensitivity to a topic | Organization wide without much dedicated time involved.

7
Q

Why is Training useful?

A

Provides more specific technical skills and focuses on specific skills related to security-focused tasks/roles.

8
Q

What is Education good for?

A

Focusing on fundamental concepts and developing decision-making skills.

9
Q

How can you ensure Awareness is conveyed effectively to the entire organization?

A

Use language specific to the audience such as live in-person sessions, requirements/rewards, regular campaigns, etc.

10
Q

What source can be used to identify the most important topics security awareness, training, and education should focus on?

A

The organization’s Risk Register | This helps organizations ensure their most valuable and at-risk assets are receiving proper attention and training.

11
Q

Why use Periodic Content Reviews?

A

To ensure that awareness, training, and education program materials are evolving alongside the rapidly changing threat landscape.

12
Q

What are some Key Metrics to consider when tracking awareness, training, and education program effectiveness?

A

Total number of people completing the program | Number of people providing feedback compared to total attendees | Number of people reporting suspicious activities after training is complete | Tracking how well staff members performed (passing score ranges, etc.) | Total number of attempts the course was taken by each person
