AT-2(1): Practical Exercises

Control Family:

Awareness And Training

(Not part of any baseline)

Control Statement

The organization includes practical exercises in security awareness training that simulate actual cyber attacks.

Supplemental Guidance

Practical exercises may include, for example, no-notice social engineering attempts to collect information, gain unauthorized access, or simulate the adverse impact of opening malicious email attachments or invoking, via spear phishing attacks, malicious web links.