Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

CISA Adds Ransomware Module to Cyber Security Evaluation Tool

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday announced the release of a new module for its Cyber Security Evaluation Tool (CSET), namely the Ransomware Readiness Assessment (RRA).

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday announced the release of a new module for its Cyber Security Evaluation Tool (CSET), namely the Ransomware Readiness Assessment (RRA).

A Department of Homeland Security (DHS) product, CSET was designed to help organizations assess their security posture, and is applicable to both IT and industrial control system (ICS) networks.

CSET includes a series of requirement questionnaires derived from recognized government and industry standards and can output a list of recommendations that should help organizations improve the security of their networks, in line with best cybersecurity standards, guidelines, and practices.

The new Ransomware Readiness Assessment (RRA) module gets defenders through a step-by-step process to assess their threat readiness in respect to ransomware attacks.

“The RRA is a self-assessment based on a tiered set of practices to help organizations better assess how well they are equipped to defend and recover from a ransomware incident,” CISA explains.

The tool was crafted for several different levels of ransomware threat readiness, so that all types of organizations can use it, regardless of their current preparedness or cybersecurity maturity.

The RRA offers ransomware threat readiness evaluation in a systematic, disciplined, and repeatable manner, helps assess both operational technology (OT) and IT network security practices, and delivers an analysis dashboard with graphs and tables to view assessment results.

Related: CISA Announces Vulnerability Disclosure Policy Platform

Advertisement. Scroll to continue reading.

Related: CISA Issues MITRE ATT&CK Mapping Guide for Threat Intelligence Analysts

Related: U.S. Department of State Approves New Cyberspace Security Bureau

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.