List three of the five standard work functions listed in the EBK for the training and awareness evaluation perspective.

What will be an ideal response?

1. Assess and evaluate the IT security training and awareness program for compliance with corporate policies, regulations, and laws (statutes), and measure program and employee performance against objectives
2. Review IT security training and awareness program materials and recommend improvements
3. Assess the training and awareness program to ensure that it meets not only the organization's stakeholder needs, but that it is effective and covers current IT security issues and legal requirements
4. Ensure that information security personnel are receiving the appropriate level and type of training
5. Collect, analyze, and report performance measures