IT 部門は、組織の情報セキュリティ ポリシーに関するユーザーの認識を高めるためにトレーニング セッションを開催しました。トレーニングの有効性を反映する最適な主要業績評価指標 (KPI) は次のどれですか。
正解:B
A key performance indicator (KPI) is a metric that reflects how well an organization is achieving its goals and objectives. A KPI should be specific, measurable, achievable, relevant, and time-bound. For an IT department that has organized training sessions to improve user awareness of organizational information security policies, the best KPI to reflect the effectiveness of the training is the percentage of staff members who complete the training with a passing score. This KPI measures the level of knowledge and understanding of the security policies among the staff members, as well as the quality and impact of the training sessions. It also indicates whether the training sessions have met the predefined criteria and standards for success. A high percentage of staff members who complete the training with a passing score implies that the training sessions have been effective in improving user awareness of organizational information security policies. References = Risk and Information Systems Control Study Manual, Chapter 3, Section 3.3.2, p. 117-118