Your hacker Blog

CISA releases Insider Risk Mitigation Self-Assessment Tool

CISA

The US CISA has released a new tool that allows to assess the level of exposure of organizations to insider threats and devise their own defense plans against such risks.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released the Insider Risk Mitigation Self-Assessment Tool, a new tool that allows organizations to assess their level of exposure to insider threats.

Insider threats pose a severe risk to organizations, the attacks are carried out by current or former employees, contractors, or others with inside knowledge, for this reason they are not easy to detect.

An attack from insiders could compromise sensitive information, cause economic losses, damages the reputation of the organization, theft of intellectual property, reduction of market share, and even physical harm to people.

The Tool

The tool elaborates the answers of the organizations to a survey about their implementations of a risk program management for insider threats.

“The Cybersecurity and Infrastructure Security Agency (CISA) released an Insider Risk Mitigation Self-Assessment Tool today, which assists public and private sector organizations in assessing their vulnerability to an insider threat.  By answering a series of questions, users receive feedback they can use to gauge their risk posture.  The tool will also help users further understand the nature of insider threats and take steps to create their own prevention and mitigation programs.” reads the announcement published by CISA.

Insider Threats are Cyber threats or Physical Threats

#InsiderThreats can be #cyber or physical. Do you have a plan to handle an insider threat? If you don’t, our Insider Threat Self-Assessment Tool will help gauge your vulnerability to an insider threat incident: https://t.co/fWSosDueFt #InfrastructureResilience #InfoSec pic.twitter.com/gob4hxAP27— CISA Infrastructure Security (@CISAInfraSec) September 28, 2021The tool allows organizations to create their own programs to prevent and mitigate insider threats.

“While security efforts often focus on external threats, often the biggest threat can be found inside the organization,” said David Mussington, CISA’s Executive Assistant Director for Infrastructure Security. “CISA urges all our partners, especially small and medium businesses who may have limited resources, to use this new tool to develop a plan to guard against insider threats. Taking some small steps today can make a big difference in preventing or mitigating the consequences of an insider threat in the future.”

CISA provides further info and tools to mitigate insider threat risks that are available on its website.

In easily July, the US Cybersecurity and Infrastructure Security Agency (CISA) has released the Ransomware Readiness Assessment (RRA), a new ransomware self-assessment security audit tool for the agency’s Cyber Security Evaluation Tool (CSET).

RRA could be used by organizations to determine their level of exposure to ransomware attacks against their information technology (IT), operational technology (OT), or industrial control system (ICS) assets.

The post CISA releases Insider Risk Mitigation Self-Assessment Tool appeared first on Security Affairs.