Exam ISO-IEC-27035-Lead-Incident-Manager Topic 1 Question 9 Discussion

Actual exam question for PECB's ISO-IEC-27035-Lead-Incident-Manager exam
Question #: 9
Topic #: 1
What is the primary objective of an awareness program?

Suggested Answer: B Vote an answer

Comprehensive and Detailed Explanation From Exact Extract:
The core purpose of a security awareness program, as outlined in ISO/IEC 27035 and ISO/IEC 27001, is to influence behavior and attitudes toward security, making staff more conscious of threats and their responsibilities in preventing incidents. An effective awareness program helps reduce human errors, enhances response readiness, and builds a security-conscious culture.
ISO/IEC 27035-2:2016 clearly differentiates awareness from training. While training focuses on skills and procedures, awareness is about shaping the mindset, ensuring that employees understand the importance of security in their daily tasks.
Option A (technology introduction) and option C (IT efficiency) are not primary goals of awareness programs.
Reference Extracts:
ISO/IEC 27035-2:2016, Clause 7.3.1: "The objective of awareness activities is to change behavior and enhance understanding of security threats and how to prevent them." ISO/IEC 27001:2022, Control 6.3 and Annex A: "Personnel should be made aware of the importance of information security and their responsibilities in supporting it." Correct answer: B
-

by Norman at Nov 11, 2025, 05:33 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10