The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new tool that allows organizations to assess their vulnerability to insider threats and devise their own defense plans against such risks.
The Insider Risk Mitigation Self-Assessment Tool helps you determine your organization’s risk posture by answering a series of questions about the requirements for setting up an insider risk management program, the level of insider risk awareness and training of your employees, and your organization’s insider risk environment.
This is a great tool to help you determine your organization’s risk posture.
This tool also makes it easier to understand the nature of insider threats and facilitates the process of creating prevention and mitigation programs.
David Mussington, Executive Assistant Director of Infrastructure Security at CISA
Security measures often focus on external threats, but the biggest threats often reside inside an organization.
CISA encourages all of our partners, especially small and medium-sized businesses with limited resources, to use this new tool to take action against internal threats.
Taking small steps can make a big difference in preventing or mitigating the impact of insider threats in the future.
Insider threats can be malicious or accidental, but if they are not detected and blocked in time, they can do significant damage to an organization.
In general, an insider threat is a current or former employee, third-party contractor, or business partner who has (or has had) access to an organization’s network or data and uses that access for malicious purposes.
The result can be leakage of confidential information, damage to the organization’s reputation, loss of revenue, theft of intellectual property, loss of market share, and even harm to people.
More information and tools to mitigate the risk of insider threats can be found on CISA’s Infrastructure Security website.
https://www.cisa.gov/insider-threat-mitigation
This tool helps organizations assess their ability to defend against and recover from ransomware attacks targeting Information Technology (IT), Operational Technology (OT) and Industrial Control Systems (ICS) assets.