Cyber & IT Supervisory Forum - November 2023

Internal Use Only

R ‐ SAT v. 2.0: Question 11

NEW: New question. Added questions here to address performance of phishing exercises (at least quarterly) and the use of exercise metrics to evaluate training effectiveness and guide additional employee training efforts.

11

Internal Use Only

R ‐ SAT v. 2.0: Question 12

NEW: Added three extra columns to allow the capture of more information directly in the question (reduced reliance on Appendix A); added request for description of procedure details for each control listed.

12