AT-2(1)—Practical Exercises
>Control Description
Provide practical exercises in literacy training that simulate events and incidents.
>Supplemental Guidance
Practical exercises include no-notice social engineering attempts to collect information, gain unauthorized access, or simulate the adverse impact of opening malicious email attachments or invoking, via spear phishing attacks, malicious web links.