CONFERENCE Watch Now: Threat Detection & Incident Response (TDIR) Summit - Watch Event On-Demand
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

New CISA Tool Helps Organizations Assess Insider Threat Risks

The United States Cybersecurity and Infrastructure Security Agency (CISA) this week released a tool to help organizations assess their insider threat risk posture.

The United States Cybersecurity and Infrastructure Security Agency (CISA) this week released a tool to help organizations assess their insider threat risk posture.

Suitable for organizations in both public and private sectors, the Insider Risk Mitigation Self-Assessment Tool provides users with feedback based on responses to a series of questions.

Furthermore, the tool aims to deliver a better understanding of the nature of insider threats, to help users start their own prevention and mitigation programs.

As CISA points out, insider threats represent a major risk to any organization due to the fact that knowledge and trust are placed in the hands of the adversary, which could be an employee, a contractor, or other individuals who have inside knowledge.

A malicious insider could compromise sensitive information, steal intellectual property, or even physically harm people. The results of such an action include damage to the organization’s reputation, revenue loss, and reduced market share.

The Insider Risk Mitigation Self-Assessment Tool first assesses whether an organization has in place all the requirements for an insider risk program and whether employees have been trained on the risks associated with insider threats, and then attempts to identify whether the organization is well-positioned to respond to an insider threat.

“CISA urges all our partners, especially small and medium businesses who may have limited resources, to use this new tool to develop a plan to guard against insider threats. Taking some small steps today can make a big difference in preventing or mitigating the consequences of an insider threat in the future,” said CISA Executive Assistant Director for Infrastructure Security David Mussington.

Related: CISA Adds Ransomware Module to Cyber Security Evaluation Tool

Advertisement. Scroll to continue reading.

Related: CISA Issues MITRE ATT&CK Mapping Guide for Threat Intelligence Analysts

Related: CISA Issues Guidance on Protecting Data From Ransomware

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Jeremy Koppen has left Mandiant after 13 years to become the CISO of Equifax.

Engineering and technology solutions provider Amentum has appointed Max Shier as its CISO.

PAM provider Keeper Security has appointed Shane Barney as its Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.