Managed Security Awareness Portal User Guide
- Overview of Managed Security Awareness
- Managing the MA program
- Signing in to the MA Portal
- Initial setup
- Managing users
- Monitoring security awareness
- Monitoring program progress with the Secure Culture Dashboard
- Administration Dashboard
- Selecting a security awareness track
- Changing the session delivery day
- Disabling or enabling phishing simulation emails
- Changing the template of the phishing simulation emails
- Previewing an upcoming session
- Muting an upcoming session
- Viewing user information
- Assigning a session to an individual user
- Downloading the MA program session history
- View user completion for MA sessions and quizzes
- Managing incomplete session reminders
- Reports
- Administrator and User Status Reports
- Content Library
- Compliance
- Viewing compliance training course information
- Viewing a compliance training course report
- Managing incomplete compliance training course reminders
- Downloading a compliance training course report
- Downloading compliance training course history
- Downloading a list of users with incomplete compliance training courses
- Administrator Toolkit
- Program Maturity
- See also
Overview of Managed Security Awareness Direct link to this section
Arctic Wolf Managed Security Awareness® (MA) delivers security awareness training as a program to increase security awareness and build a strong security culture within your organization. The MA program contains the following sessions and modules:
Session or Module | Description |
---|---|
QuickStart | The QuickStart is the first session that employees receive at your organization and replaces the first session in the delivery schedule, after which users join the normal delivery cadence. It is a five-minute awareness session to orient users to the MA program and introduce key security awareness topics. |
Microlearning sessions | Three- to five-minute videos or interactive tutorials on recognizing and neutralizing social engineering attacks and avoiding security breaches that result from human error. |
Quizzes | Three- to five-minute test sessions that measure user uptake of security awareness training. |
Automated phishing simulations | Phishing simulation emails that measure the susceptibility of an organization to phishing-based attacks. |
Role-based sessions | Role-based sessions is an exclusive feature available to customers who have purchased MA Plus (MA+). These sessions follow a similar format to microlearning sessions. |
Compliance training modules | Longer than microlearning sessions, these modules range from 15 to 60 minutes, and go beyond security awareness to support the regulatory compliance obligations of an organization. These modules are available to customers with a valid Compliance Content Pack license. This license allows you to assign compliance training in addition to security awareness training to a group of users as required. |
Assigning an MA Administrator in your organization Direct link to this section
Your organization should select a person who will be responsible for monitoring the MA Portal and for maintaining active users of the program. The assigned Administrator will have access to log in to the MA Portal through the Arctic Wolf Portal, or by direct link to your organization’s MA Portal, and would perform the following tasks:
- Configure and manage MA program settings
- Review the overall success of active users for the program
- Submit tickets for any needs of the program, administrators, or users
- Monitor reports
- Review the upcoming schedule for the MA program
Supported languages Direct link to this section
Managed Security Awareness content is primarily delivered in American English. However, some microlearning sessions are available in the following languages:
- American English
- British English
- German
- Spanish
Tip: You can preview microlearning sessions at any time. See Previewing an upcoming session for instructions. If a session has multi-language support, the description includes a list of the available language options.
How MA is delivered Direct link to this section
MA sessions are delivered through email and users receive approximately 43 sessions over the course of a year. Each MA email contains a link to launch the session in a new browser window or tab. On a given week where an activity is scheduled, users only receive one activity for the week: a microlearning session, a quiz, or a phishing simulation email. The MA program delivers content in the following ways:
Session | Delivery |
---|---|
QuickStart | The QuickStart session is sent once the program is active and when new users are added to the system on the selected day of delivery in place of the scheduled content in the Upcoming Sessions table in the Administration Dashboard. |
Security awareness microlearning sessions and quizzes | Typically, users receive 25 unique microlearning sessions and ten quizzes over a 52-week cycle. Users receive email notifications for each training assignment. You can view the upcoming schedule under the Administration Dashboard tab. See Previewing an upcoming session for more information. |
Phishing simulations | If this option is enabled, users receive 12 phishing simulation emails each year, one a month. These emails are sent to user inboxes on a random weekday between 17:00 UTC and 22:00 UTC, or between 16:00 UTC and 21:00 UTC during daylight saving time. |
Users can view their progress in the User Status Report email to see if they are behind on any sessions. You can view the current status of any or all users on the Administration Dashboard, at any time. See Administrator and User Status Reports for more information.
Tip: See Email templates for more information about the types of emails that users and program administrators receive.
Managing the MA program Direct link to this section
The MA Portal lets you manage program features, monitor user participation and performance, assess the level of security awareness that your organization has, and identify opportunities for raising the level of security awareness within your organization.
This guide is intended for administrators of the MA program in their organization.
Signing in to the MA Portal Direct link to this section
To sign in to the MA Portal:
- Go to https://sat.arcticwolf.com/.
- Sign in using your Arctic Wolf credentials.
- For MSPs, search for the desired customer account. Then, select View.
After signing in, the MA Portal loads, and your sign-in details are shown in the top-right corner in this format: Your Name - Organization Name
.
Tips:
- Select the Gear from the menu bar to access these options:
- Go to the Arctic Wolf Portal
- Log out
- (MSPs only) Select the wrench to switch customer accounts.
Initial setup Direct link to this section
These tasks are completed as part of the initial setup of your MA program:
- Sending a test email
- MA program activation
- Email templates
- Customizing emails using private labeling
Sending a test email Direct link to this section
Optionally, you can send a test email to a security administrator within your organization to verify that your corporate email AllowList is configured to allow MA email notifications. To send a test email:
- Select Administration Dashboard from the menu bar.
- Select the User Information tab on the dashboard.
- Select Send Test Email.
Tip: To preview this email:
- Select Administration Dashboard from the menu bar.
- Under Email Templates/Private Labeling, select Email Test Session Link.
See Email templates for more information.
MA program activation Direct link to this section
After you activate the MA program with the Concierge Security® Team (CST), the following occurs:
-
Users receive microlearning sessions approximately every two weeks on the configured session delivery day. See Changing the session delivery day to change this setting.
Tip: See Selecting a security awareness track.
-
The first session that users receive is the QuickStart session, which is an introduction to the MA program.
-
Users periodically receive phishing simulation emails. To disable this feature, see Disabling or enabling phishing simulations.
-
The MA Portal records the progress and performance of all users for all security awareness and compliance training content that the user receives. See Monitoring security awareness for more information.
Email templates Direct link to this section
MA users and program administrators receive various emails throughout the each program cycle. To view the contents of these emails:
- Select Administration Dashboard from the menu bar.
- Under Email Templates/Private Labeling, select the name of an email template to view its contents. Descriptions of the MA email templates are as follows:
Email template | Description |
---|---|
Awareness Session Link | The email that users receive when a microlearning session or quiz is assigned. |
QuickStart Session Link | The first email that users receive after the MA program is activated. The email includes a link to the QuickStart session, which is an introduction to the MA program. |
Email Test Session Link | An email that your onboarding project manager sends before the MA program starts to verify that your corporate email AllowList is configured to allow MA email notifications. |
Monthly Admin Snapshot | A periodic email provides an overview of user participation in the MA program. Only MA program administrators receive this email. |
Status Update - Positive | A periodic email that that provides users a summary of their participation in the MA program. Users receive this email if all training assignments are complete. |
Status Update - Negative | A periodic email that that provides users a summary of their participation in the MA program. Users receive this email if one or more training assignments are incomplete. |
Customizing emails using private labeling Direct link to this section
You can customize the email sender name and display name by enabling private labeling within the Administration Dashboard. By default, the sender of MA emails has the following:
- Email Sender Name:
Arctic Wolf Managed Security Awareness
- Company Display Name:
Arctic Wolf
The session emails sent to users includes the display name in the signature of session emails, as well as within the MA Portal page header. The sender email name displays on the individual emails in an inbox.
Note:
- The customized name appears in the signature, but you cannot customize the body of the email signature.
- Private labeling is optional.
Adding a private label Direct link to this section
To customize the email sender name and display name:
- Select Administration Dashboard from the menu bar.
- On the Email Templates/Private Labeling tab, toggle Use Private Labeling on.
- Edit the Display Name and Email Sender Name, as desired.
- Click Save.
- Review the email templates to confirm that you want to keep your current settings.
Removing a private label Direct link to this section
To remove a custom email sender name and display name:
- Toggle Use Private Labeling off.
Changing a private label Direct link to this section
To update the email sender name and display name:
- Toggle Use Private Labeling off. Then toggle Use private labeling on again.
- Edit the Display Name and Email Sender Name, as desired.
- Click Save.
- Review the email templates to confirm that you want to keep your current settings.
Managing users Direct link to this section
Users are individuals within your organization who will receive sessions, quizzes, and phishing simulations. They receive email communication and do not have sign-in credentials for the MA Portal.
The method that you should use to manage users for the MA program depends on how you enrolled users into the MA program:
- If you enrolled users with Azure or Microsoft 365 Active Directory, see Managing users with Azure or Microsoft 365 Active Directory.
- If you enrolled users manually with a CSV file, see Managing users with a CSV file.
Managing users with Azure or Microsoft 365 Active Directory Direct link to this section
To manage users of the MA program:
- Add or remove users from the AD Group in Azure or Microsoft 365 Active Directory that you selected to sync with the MA Program. See Manage a group in the Microsoft 365 admin center for more information about how to add or remove users from groups.
Note: If you do not remember the name of the AD Group that is synced to the MA program, in the MA Portal click the Gear > User Management > Test Saved Connect > Query. This populates the name of the AD Group.
- In a new browser tab, sign in to the MA Portal.
- Click the Gear and select User Management. This automatically syncs the changes made in Azure Active Directory.
- Click Sync Now.
Note: If you do not select Sync Now, changes can take up to 24 hours to be visible in the MA Portal in the User Information tab within the Administration Dashboard.
- Click Query. The updated list of users in the selected group displays in a table.
Note: QuickStart sessions are automatically sent on the next session delivery day to new users who are added to the program after activation.
Managing users with a CSV file Direct link to this section
Note: These instructions only apply to organizations that have not set up an AD Group to manage users with Azure or Microsoft 365 Active Directory. Only perform these steps if your organization has always managed users with a CSV file.
To add or remove users with a CSV file:
- Locate the CSV file that you created when enrolling users into the MA program.
- Update the CSV file depending on if you are adding or removing users:
- To add a new user to the MA program, add a new row and provide the user's details in the
FirstName
,LastName
, andEmail
columns. - To remove a user that is no longer participating in the MA program, locate and delete the row for that user.
- To add a new user to the MA program, add a new row and provide the user's details in the
- Save your changes.
- Send the updated CSV file by submitting a ticket in the Arctic Wolf Portal.
Note: QuickStart sessions are automatically sent on the next session delivery day to new users who are added to the program after activation.
Monitoring security awareness Direct link to this section
The MA Portal provides the following options for monitoring the level of security awareness in your organization:
Monitoring program progress with the Secure Culture Dashboard Direct link to this section
The Secure Culture Dashboard tracks user participation and measures performance in security awareness sessions, quizzes, phishing simulations, and compliance training. As an administrator, you can view the Secure Culture Score of the organization at a glance or in detail on the MA Portal. You can also view the current status of any or all users on the Administration Dashboard, at any time. Users do not have access to the dashboard, so they must wait for the monthly User Status Report email to see their progress and if they are behind on any sessions.
The Secure Culture Dashboard has these sections:
Section | Description |
---|---|
Secure Culture Program Summary | A display of the following metrics, indicating the extent to which security awareness and regulatory compliance are a part of your organizational culture:
|
QuickStart Status | A summary of user engagement for QuickStart sessions. |
Session Statistics | A summary of user engagement for past security awareness sessions. |
Quiz Statistics | A summary of user engagement and scores for past security awareness quizzes. |
Simulation Statistics | A summary of user behavior in response to delivered phishing simulation emails. |
Tip: See Reports for more information about statistics and reports.
Downloading Secure Culture statistics Direct link to this section
You can download CSV files from the Secure Culture Dashboard that detail the following information, which identifies users who require additional training support:
- Users with incomplete sessions
- Users with low quiz scores
- Users who failed phishing simulations
- Users with incomplete phishing remediation sessions
Note: The data included in CSV file reflects the selected timeframe, for example, within the last 30 days.
To download Secure Culture statistics:
- Select Secure Culture Dashboard from the menu bar.
- Click Download to download the desired CSV file.
Tip: See Increasing your Secure Culture Score for remediation options.
Increasing your Secure Culture Score Direct link to this section
The Secure Culture Score represents the strength of security awareness within your organization, based on the session completion, average quiz score, phishing simulation failures, and remediation completion metrics. Possible scores include:
- Excellent — 90-100
- Strong — 70-89
- At-Risk — 60-69
- Vulnerable — 59 or lower
To increase your Secure Culture Score, consider:
-
Enforcing mandatory participation within your organization.
-
Ensuring that all of your users complete their sessions within 72 hours of receiving the session.
-
Ensuring that no user is more than two sessions behind schedule.
Tip: See Downloading Secure Culture statistics to identify which users are behind schedule.
-
If your organization has a high phishing simulation failures score, assigning additional phishing-themed awareness sessions.
Tip: See Downloading Secure Culture statistics to identify which users failed phishing simulations.
Administration Dashboard Direct link to this section
You can manage security awareness microlearning sessions in the following ways:
- Selecting a security awareness track
- Changing the session delivery day
- Disabling or enabling phishing simulation emails
- Previewing an upcoming session
- Muting an upcoming session
- Viewing user information
- Assigning a session to an individual user
- Downloading the MA program session history
- Managing incomplete session reminders
Selecting a security awareness track Direct link to this section
Note: The Managed Security Awareness Plus (MA+) license is required to access this option.
The MA+ program is set to the standard track by default. However, you can choose from other security awareness tracks that are tailored to specific industries, for example, healthcare.
To change the awareness track:
- Select Administration Dashboard from the menu bar.
- On the Session Information tab, select the desired track from the Current Awareness Track list. The list of upcoming sessions updates to reflect the awareness track that you select.
Changing the session delivery day Direct link to this section
A microlearning session is sent through email between 14:00 and 15:00 UTC on the configured session delivery day.
After changing the session delivery day, users receive the next microlearning session in the queue on the earliest possible day that corresponds with the configuration. For example, if today is Tuesday, August 10, 2021 and you change the session delivery day before 14:00 UTC from Friday to Tuesday, users receive the next microlearning session today, and future sessions are scheduled to be delivered on following Tuesdays.
Note: Changing the selected session delivery day does not affect the timing of phishing simulation emails. Phishing simulations occur on a random weekday between 16:00 UTC and 22:00 UTC.
To change the weekday when sessions are delivered:
- Select Administration Dashboard from the menu bar.
- On the Session Information tab, select the desired session delivery day.
Disabling or enabling phishing simulation emails Direct link to this section
The MA program includes phishing simulations to test user responses to suspicious emails.
To disable or enable phishing simulation emails:
- Select Administration Dashboard from the menu bar.
- Toggle Program Active on.
- On the Session Information tab, toggle Send Phishing Simulation Emails off or on as desired.
Changing the template of the phishing simulation emails Direct link to this section
- In the MA portal, select Administration Dashboard from the menu bar.
- On the Session Information tab, under Upcoming Sessions, find the phishing simulation you want to change to an alternate template, for example a template in a different language.
- Select the list under the Options column, then click Preview/Select Phishing Email.
- From the Available Templates dropdown select the template you want to use.
Note: Note: Ensure that you have allowlisted the correct domains for the simulation email language, if you do not have the correct domains allowlisted, users might not receive the simulation. See Configuring your allowlist in Configuring Managed Security Awareness for a list of domains.
- Review the template preview, then click Select This Phishing Email Template. The template updates in the Upcoming Sessions schedule list.
Notes:
- If you would like to change the phishing simulation template to a language other than English, you must select that language each month prior to the scheduled date.
- Phishing simulation templates are currently available in English and German. The default language is English.
Previewing an upcoming session Direct link to this section
-
Select Administration Dashboard from the menu bar.
-
On the Session Information tab, under Upcoming Sessions, find the session you wish to preview.
Tip: Check the description to see if the session or module includes multi-language support. See Supported languages for more information.
-
Select the list under the Options column. Then, select Preview Session or Preview/Select Phishing Email.
-
If you are previewing a phishing simulation, you can also select different templates that be more relevant to your organization. To select a template:
- Click the Available Templates list and select the template you want to use.
- Click Select This Phishing Email Template to confirm your selection.
Tip: See Muting an upcoming session.
Muting an upcoming session Direct link to this section
If desired, you can mute an upcoming session or phishing simulation. When muted, the session or phishing simulation is not delivered to users.
Notes:
- Some weeks in the MA program cycle do not have a scheduled activity. When an activity is scheduled, users only receive one activity for the week: a microlearning session, a quiz, or a phishing simulation email.
- No alternative session, quiz, or phishing simulation is delivered in its place on the week of the muted session.
- A muted session does not recur for the remainder of the program cycle. However, the topic may be covered in a future microlearning sessions.
- If you unmute the session on the configured session delivery day after 15:00 UTC, or after 14:00 UTC during daylight saving time, users do not receive the session.
- You can leave the Program Active toggle on when you mute a session.
To mute or unmute a session or phishing simulation:
- Select Administration Dashboard from the menu bar.
- On the Session Information tab, under Upcoming Sessions, find the session you wish to mute or unmute.
- Select the list under the Options column. Then, select Mute This Week or Unmute This Week. Muted sessions are highlighted orange. Sessions that are not highlighted are queued to be delivered as scheduled.
Viewing user information Direct link to this section
You can view the email address and session history for users within your organization. For example, you can view the quizzes and phishing simulations sent to each user, when they were sent, and when the user completed them. To view user information:
- Select Administration Dashboard from the menu bar.
- Select the User Information tab on the dashboard.
Assigning a session to an individual user Direct link to this section
You can assign specific security awareness sessions to an individual user, which are delivered separate from the MA program schedule. To assign a microlearning session, quiz, or phishing simulation to a user:
-
Select Administration Dashboard from the menu bar.
-
Select the User Information tab on the dashboard.
-
Search for the desired user. Then, select either of these options:
- View History — To resend a session that the user has already received.
- Assign Session — To assign a session to the user.
Tip: This option lets you assign sessions that are not listed in the history for that user. For example, you can use this option to assign past sessions to a new user who was added to the MA program mid-cycle. When a new user is added, the user automatically receives the QuickStart session. However, the next security awareness session that the user receives is the session that is scheduled for delivery in the current or following week.
-
Page through the list or use the search field to find the session that you want to assign.
Tip: Check the description to see if the session or module includes multi-language support. See Supported languages for more information.
-
Select Assign for the desired session. The user immediately receives an email notification about the training assignment, and the session no longer appears in the list of available sessions and phishing simulations for that user.
Note: You cannot re-assign this session until the user completes the assignment.
Downloading the MA program session history Direct link to this section
Downloading the MA program session history is one way to review the level of engagement of your organization with the MA program. With this option, you can also review the history of a specific session or user.
To download a history of all past sessions and quizzes for all users:
- Select Administration Dashboard from the menu bar.
- Select the User Information tab on the dashboard.
- Select Download Full Session History to download the CSV file.
Tip: To review the history of all past sessions and quizzes for an individual user, see View user completion for MA sessions and quizzes.
View user completion for MA sessions and quizzes Direct link to this section
The MA Portal allows you to view a history of completed MA sessions and quizzes for each user in your organization.
-
In the MA portal menu bar, select Administration Dashbaord.
-
Click the User Information tab.
-
In the Search text box, enter the name of the user.
-
Next to the user, click View History.
In the User Session History window, the results of each assigned session or quiz displays for the selected user.
Tip: In the User Session History window, click Resend next to the session or quiz that you want to resend to the user.
Managing incomplete session reminders Direct link to this section
You can adjust the frequency and the urgency language of emails that are sent to users when training is incomplete. You can configure the settings differently depending on how many incomplete sessions a user has. For example, if you have users with a high number of incomplete sessions, you can increase the frequency of email reminders to those users.
Note: These steps only apply to incomplete MA session management. If you have a valid CPP, you can manage reminders for incomplete compliance training courses from the Compliance tab within the MA Portal. See Managing incomplete compliance training course reminders for instructions.
To manage incomplete session reminders:
-
In the MA Portal menu bar, select Administration Dashboard.
-
Click the Incomplete Session Manager tab.
-
For each applicable column, select the required Frequency of Email option:
- Monthly (1st)
- Bi-Monthly (1st, 15th)
- Weekly (Monday)
- Daily
-
For each applicable column, select the required Urgency of Email from the dropdown list:
- Low
- Moderate
- High
Tip: Click the Low Urgency Email, Moderate Urgency Email, or High Urgency Email tab to preview the email that is sent depending on the Urgency of Email setting.
Reports Direct link to this section
The Reports page displays Secure Culture statistics as downloadable PDF reports. Available reports are as follows:
Section | Description |
---|---|
Security Awareness Program Status | A progress report that shows the completion of microlearning sessions and quizzes, the results of phishing simulations, and the completion of phishing remediation sessions. |
Security Awareness Program Trends | A report that shows trends in user performance. |
High Risk Users | A report that identifies users with a low level of engagement with the MA program and users who have performed poorly in quizzes and phishing simulations. |
Phishing Simulations | A detailed report of phishing simulation results and the completion of phishing remediation sessions. |
Tip: See Secure Culture Dashboard for more information about available statistics.
Viewing an MA session report Direct link to this section
To view an MA session report:
- In the MA Portal menu bar, select Reports.
- Click the desired tab:
- Security Awareness Program Status
- Security Awareness Program Trends
- High Risk Users
See Viewing a compliance training course report for compliance report instructions.
Downloading an MA session report Direct link to this section
To download an MA session report:
-
In the MA Portal menu bar, select Reports.
-
Click the desired tab:
- Security Awareness Program Status
- Security Awareness Program Trends
- High Risk Users
-
Click
Download.
A PDF file downloads to your device.
See Downloading a compliance training course report for compliance report instructions.
Administrator and User Status Reports Direct link to this section
The following User Status Reports are sent each month:
- Administrators receive a User Status Report on the second day of each month. It contains a snapshot of the statistics available in the MA Portal. This summary format allows you to quickly review the security culture of the organization.
- By default, users receive a short email on the first day of the month to confirm what sessions they are caught up on or if they are behind on any sessions. If you have configured incomplete session reminders through the Incomplete Session Manager, users will receive a User Status Report based on what was configured, resulting in more frequent reminders and/or urgent tone for the email. For more information, see Managing incomplete session reminders.
Content Library Direct link to this section
The Content Library feature lets you assign supplemental training content to one or more groups of users.
Note: To access the Content Library feature, your organization must:
- Have a valid Compliance Content Pack or MA+ license
- Use Azure AD for identity and access management
The Content Library contains different content depending on whether you have a Compliance Content Pack or MA+ license. If your organization has a:
-
MA+ license — You can assign any microlearning session or quiz, including those from security awareness tracks that your program is not currently set to. See Selecting a security awareness track for more information. You also have access to role-based security awareness microlearning sessions.
Tips:
- To view the roles that are available, click All Filters > Role.
- If your organization uses AD, we recommend creating different AD user groups to better control which users you assign role-based training modules to. See the See also section for documentation about managing Microsoft users.
-
Compliance Content Pack license — You can assign compliance training modules. Compliance training modules are courses, ranging from 15 to 60 minutes long, that explain the laws, regulations, and policies that are relevant to the responsibilities of employers and employees, for example, anti-discrimination laws, sexual harassment awareness, safety regulations, and rules that govern the protection of personal information.
Assigning supplemental training to a user group Direct link to this section
To assign a supplemental training module to a user group:
Note: User engagement and test outcomes for supplemental training assignments, including compliance training modules, are included in secure culture statistics and reports.
-
Select Content Library from the menu bar.
-
Browse, search, or filter for a training module that covers the desired topic.
Tips:
- Click All Filters to view all filters that you can set. There are also filters for content types available, such as Awareness Session. To reset your filters, click Clear.
- Check the description to see if the session or module includes multi-language support. See Supported languages for more information.
-
Select Assign To Group.
-
In the dialog box, select the desired group.
-
Review the list of group members to confirm your selection.
Notes:
- Verify that you have selected the correct group. Training assignments cannot be removed once they are assigned.
- You cannot assign a module to a group without members. When integrated with AD, the MA Portal performs live queries of AD to retrieve users and user groups. To edit add or remove members, edit the group in AD.
-
Click Assign <module> to <x> users. A confirmation message appears, and users within the selected group receive an email that grants them immediate access to the assigned module.
-
Select x or Close to exit the dialog box.
Compliance Direct link to this section
Note: To access the Compliance information, your organization must have a valid Compliance Content Pack (CPP).
The Compliance page helps you to comply with standards like ISO 27001 or 27002 because it provides you with more visibility and control over your compliance training course information.
The page includes the following tabs:
-
Compliance Dashboard — Displays live compliance training course statistics. It also allows you to search for specific compliance training course data, download the history of compliance training courses, and download a list of users that have incomplete compliance training courses.
See Downloading compliance training course history, and Downloading a list of users with incomplete compliance training courses for more information.
-
Compliance Incomplete Session Manger — Allows you to configure the frequency and the urgency language of emails that are sent to users when training courses are incomplete.
See Managing incomplete compliance training course reminders for more information.
-
Compliance Report — Displays a compliance report that you can download or print. The report replicates the data on the Compliance Dashboard tab.
See Viewing a compliance training course report, and Downloading a compliance traning course report for more information.
See Viewing compliance training course information for more information.
Viewing compliance training course information Direct link to this section
Note: To access the Compliance information, your organization must have a valid CPP.
To view compliance training course information:
- In the MA Portal menu bar, select Compliance.
Viewing a compliance training course report Direct link to this section
Note: To access the Compliance information, your organization must have a valid CPP.
To view a compliance training course report:
- In the MA Portal menu bar, select Compliance.
- Click the Compliance Report tab.
See Viewing an MA session report for MA report instructions.
Managing incomplete compliance training course reminders Direct link to this section
Note: To access the Compliance information, your organization must have a valid CPP.
You can adjust the frequency and the urgency language of emails that are sent to users when training courses are incomplete. You can configure the settings differently depending on how many incomplete training courses a user has. For example, if you have users with a high number of incomplete training courses, you can increase the frequency of email reminders to those users.
To manage incomplete compliance training course reminders:
-
In the MA Portal menu bar, select Compliance.
-
Click the Compliance Incomplete Session Manager tab.
-
For each applicable column, select the required Frequency of Email option:
- Monthly (1st)
- Bi-Monthly (1st, 15th)
- Weekly (Monday)
- Daily
-
For each applicable column, select the required Urgency of Email from the dropdown list:
- Low
- Moderate
- High
Tip: Click the Low Urgency Email, Moderate Urgency Email, or High Urgency Email tab to preview the email that is sent depending on the Urgency of Email setting.
See Managing incomplete session reminders for instructions on managing incomplete session reminders.
Downloading a compliance training course report Direct link to this section
Note: To access the Compliance information, your organization must have a valid CPP.
To download a compliance training course report:
-
In the MA Portal menu bar, select Compliance.
-
Click the Compliance Report tab.
-
Click
Download.
A PDF file downloads to your device.
See Downloading an MA session report for MA report instructions.
Downloading compliance training course history Direct link to this section
Note: To access the Compliance information, your organization must have a valid CPP.
You can download a CSV file that includes the full compliance training course history for your users. The CSV file includes the first and last name of the user, email address, the date the compliance training was sent to the user, and the completion status.
To download compliance history:
-
In the MA Portal menu bar, select Compliance.
-
Click Download Full Compliance History.
A CSV file downloads to your device.
Downloading a list of users with incomplete compliance training courses Direct link to this section
Note: To access the Compliance information, your organization must have a valid CPP.
You can download a CSV file that includes a list of users that have incomplete compliance training courses. The CSV file includes the first and last name of the user, email address, the date the compliance training course was sent to the user, and the completion status.
To download a list of users with incomplete compliance training courses:
-
In the MA Portal menu bar, select Compliance.
-
Next to List of Incomplete Users, click download.
A CSV file downloads to your device.
Administrator Toolkit Direct link to this section
The Administrator Toolkit is a reference and resource library that you can use as a guide to run your security awareness and training programs. Common items in the library include:
- Planning documents
- Email templates
- Posters
- Background images
- Onboarding videos
- MA Portal and program how-to videos
Some resources in the Administrator Toolkit are available in our supported langauges: English, German, and Spanish.
Accessing the Administrator Toolkit Direct link to this section
To access the Administrator Toolkit in the MA Portal:
-
Click the Settings gear icon.
-
Select Administrator Toolkit.
All of the Administrator Toolkit library references and resources are listed.
Note: The Search field filters the resource list based on the criteria entered.
Previewing and downloading resources Direct link to this section
To preview or download a resource from the Administrator Toolkit in the MA Portal:
- Click the Settings gear icon.
- Select Administrator Toolkit.
- Perform one of the following:
- To preview the file in your browser, click Preview.
- To download the file to your computer, click Download.
Program Maturity Direct link to this section
The Program Maturity tool provides MA administrators with a way to reflect on the maturity of their security awareness and training program. The tool is a self-assessment of four core areas of your Managed Awareness program:
- Training — Includes annual organization-wide, executive level, new hire, role-based, and instructor-led training.
- Engagement — Measures engagement with video content, newsletters, blogs, CSAM and Privacy Week events, and ambassador programs.
- Assessment — Includes knowledge checks, phishing simulations, password protection, and awareness of peripheral securiy, for example unlocked laptops or unsecured mobile phones.
- Management — Evaluates strategy, security posture, metrics, and culture surveys.
Advantages of the Program Maturity tool
- The self-assessment takes less than 3 minutes to complete.
- Can be taken at anytime by an MA administrator, and a copy of the results are sent to the administrator's email.
- Provides detailed results, target maturity scores, and information about each core area that can be used to identify areas of improvement for your MA program.
Taking the Program Maturity self-assessment Direct link to this section
- In the MA Portal click the Gear, and select Program Maturity. A new browser tab or window opens.
- Click Start to begin the self-assessment.
- Answer each of the questions in the self-assessment.
Note: You can return to a previous question to change your answer by clicking the directional arrows below a question.
- At the end of the self-assessment, a confirmation of completion message is displayed. Click Submit to finish the self-assessment and send the results to your email.
You can review the results by email and forward the results to others in your organization. For additional information on the self-assessment results, see Program Maturity self-assessment results.
Program Maturity self-assessment results Direct link to this section
After completing the Program Maturity self-assessment, you receive detailed results to your email. The results include:
- The Program Maturity score matrix.
- The name of your organization and date the self-assessment was taken.
- A radial graph of your current Program Maturity scores.
- A radial graph of the Target Maturity scores.
- Your current maturity scores by area.
Note: Items with * are included as part of your Managed Security Awareness Plus with Compliance Content Pack program.
- Target maturity scores, by area.
Note: Target maturity scores are the minimum score that Arctic Wolf recommends you achieve for your MA program.
- An average of the overall Program Maturity score.
- An average of the overall Target Maturity score.
Program Maturity score matrix Direct link to this section
The Program Maturity self-assessment results contain a detailed breakdown and definition of the scores:
Number | Level | Definition |
---|---|---|
1 | Initial | The program lacks consistency and needs focus. |
2 | Just Started | The program has a minimum level of effort. Awareness processes are not understood or defined. Efforts are unplanned and occasional. |
3 | Defined | The program is applying well-defined awareness processes and is consistently delivering each initiative. |
4 | Measured | The program is consistently measuring key indicators. The primary focus is on establishing and enhancing multi-channel and multi-audience engagement, as well as the measurement of performance. |
5 | Optimal | The program is actively managed. It is successfully engaging users across multiple mediums and measuring performance. It is self-organized, adaptive planning, sustainable, continual improvement, and automation for scalability and efficiency. |