Safeguard 14.2: Train Workforce Members to Recognize Social Engineering Attacks

Implementation Groups: IG1, IG2, IG3

Asset Type: N/A
Security Function: Protect

Description

Train workforce members to recognize social engineering attacks, such as phishing, pre-texting, and tailgating.

Implementation Checklist

1. Assess current protection controls in place
2. Configure and deploy required security controls
3. Test control effectiveness in a non-production environment
4. Deploy to production and verify functionality
5. Document configuration and operational procedures
6. Develop or procure training content
7. Define training audience and completion requirements
8. Deploy training and track completion rates
9. Measure training effectiveness through testing/simulation

Threats & Vulnerabilities (CIS RAM)

Threat Scenarios

Spear-Phishing Attack with Credential Harvesting Payload

Security objective affected: Confidentiality

An attacker sends a targeted spear-phishing email mimicking an internal executive, and the recipient enters credentials on a fake login page because they were never trained to identify phishing indicators.

Business Email Compromise via Pretexting

Security objective affected: Integrity

An attacker impersonates a CEO via email and instructs finance staff to wire funds to a fraudulent account, succeeding because employees have not been trained to recognize pretexting and verify unusual requests.

Physical Tailgating into Secure Facility

Security objective affected: Confidentiality

An unauthorized person follows an employee through a badge-controlled door by carrying boxes and appearing to need help, gaining physical access because staff have not been trained on tailgating awareness.

Vulnerabilities (When Safeguard Absent)

Workforce Unable to Identify Social Engineering Techniques

Without specific social engineering recognition training, employees cannot distinguish phishing emails from legitimate correspondence or identify pretexting, vishing, and tailgating attempts.

No Simulated Phishing or Social Engineering Exercises

Absence of practical training exercises means employees have no experiential learning to reinforce recognition of social engineering tactics in real-world scenarios.

Evidence Requirements

Type      | Evidence Item                                                            | Collection Frequency
Technical | Configuration screenshots or exports showing protection controls enabled | Captured quarterly
Document  | Procedure documentation for protection measures                          | Reviewed annually
Record    | Training completion records and compliance rates                         | Tracked continuously, reported quarterly
Document  | Training content and curriculum documentation                            | Reviewed annually
Document  | Governing policy document (current, approved, communicated)              | Reviewed annually