Cyber & IT Supervisory Forum - November 2023
Internal Use Only
R ‐ SAT v. 2.0: Questions 7, 8, & 9
NEW: Added “unpatched vulnerabilities” to common ransomware attack vectors.
NEW: Added request to identify any specific risks identified in risk assessments that have not been appropriately remediated or mitigated to an acceptable risk level. NEW: New question. Added question to identify whether all employees are periodically provided information on emerging ransomware threats via emails, meetings, etc.
9
Internal Use Only
R ‐ SAT v. 2.0: Question 10
NEW: Added new sub ‐ question to address the frequency of formal security awareness training offerings. Reworded main question to add new consideration for “Acceptable Use Policy training and written employee acknowledgement”
10
Made with FlippingBook - Online catalogs