ISC2 CISSP Practice Question

Gamification is the correct answer because it applies game mechanics and design elements to non-game contexts like security training, which has been proven to increase engagement, motivation, and knowledge retention. By incorporating elements such as points, badges, leaderboards, and competitive or collaborative challenges into security awareness training, organizations can transform what might otherwise be considered dry or technical content into an engaging and memorable experience. Research shows that gamified learning can increase knowledge retention by up to 40% compared to traditional methods.

The other options are less effective approaches:

• Annual compliance training is typically a passive learning experience that employees often view as a checkbox exercise, leading to minimal engagement and poor retention.

• Text-heavy security policy documents are generally not read thoroughly by employees and do not promote active learning or engagement.

• Monthly security newsletters provide information but lack interactive elements that would actively engage employees and reinforce learning through application.