SM-07 Incident & Security Monitoring

Security Awareness Training

Staff are equipped against human-factor threats.

Domain: Incident & Security Monitoring
Control type: Preventive
Automated / manual: Hybrid
Frequency: Annual
Framework reference: MAS Cyber Hygiene

What good looks like

Staff complete awareness training at onboarding and periodically thereafter; phishing simulations are run.

Risk if it fails

Phishing/social-engineering breaches.

How Tess tests it

3 tests — each concludes only on cited evidence.

Training programme defined (onboard+periodic)

Design
Procedure: Inspect the programme.
Expected: Defined.
Sample: 1 (design inspection)
Evidence: Training completion records, phishing-sim reports.

Completion rates acceptable

Operating
Procedure: Inspect completion records.
Expected: High completion.
Sample: 1
Evidence: Training completion records, phishing-sim reports.

Phishing simulations run & followed up

Operating
Procedure: Inspect simulation results.
Expected: Conducted with follow-up.
Sample: 1
Evidence: Training completion records, phishing-sim reports.

Evidence Tess looks for

Training completion records, phishing-sim reports.
