AT-2(5): Advanced Persistent Threat
Control Family:
Parent Control:
CSF v1.1 References:
Baselines:
(Not part of any baseline)
Control is new to this version of the control set.
Control Statement
Provide literacy training on the advanced persistent threat.
Supplemental Guidance
An effective way to detect advanced persistent threats (APT) and to preclude successful attacks is to provide specific literacy training for individuals. Threat literacy training includes educating individuals on the various ways that APTs can infiltrate the organization (e.g., through websites, emails, advertisement pop-ups, articles, and social engineering). Effective training includes techniques for recognizing suspicious emails, use of removable systems in non-secure settings, and the potential targeting of individuals at home.