User Training
Train users to be aware of access or manipulation attempts by an adversary to reduce the risk of successful spearphishing, social engineering, and other techniques that involve user interaction.
ID: M0917
Security Controls: NIST SP 800-53 Rev. 5 - AT-2
Version: 1.0
Created: 06 June 2019
Last Modified: 20 September 2023
Techniques Addressed by Mitigation
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| ICS | T0811 | Data from Information Repositories |
Develop and publish policies that define acceptable information to be stored in repositories. |
|
| ICS | T0893 | Data from Local System |
Develop and publish policies that define acceptable information to be stored on local systems. |
|
| ICS | T0865 | Spearphishing Attachment |
Users can be trained to identify social engineering techniques and spearphishing emails. |
|
| ICS | T0863 | User Execution |
Use user training as a way to bring awareness to common phishing and spearphishing techniques and how to raise suspicion for potentially malicious events. |
|