🔥 3-day streak
CompTIA SecurityX (CAS-005)88 / 120
Question 88 of 120

A large enterprise has run mandatory annual security awareness training for three years, yet the incident response team reports that credential-harvesting phishing remains the leading cause of account compromise. Executive leadership asks the CISO to demonstrate whether the awareness program is actually reducing risk and to justify continued investment. Which approach BEST enables the CISO to measure and improve the program's effectiveness?

Reviewed for accuracy · Report an issueNext question