The United States Cybersecurity and Infrastructure Security Agency (CISA) this week released a tool to help organizations assess their insider threat risk posture.
Suitable for organizations in both public and private sectors, the Insider Risk Mitigation Self-Assessment Tool provides users with feedback based on responses to a series of questions.
Furthermore, the tool aims to deliver a better understanding of the nature of insider threats, to help users start their own prevention and mitigation programs.
As CISA points out, insider threats represent a major risk to any organization because knowledge and trust are placed in the hands of the adversary, who could be an employee, a contractor, or another individual with inside knowledge.
A malicious insider could compromise sensitive information, steal intellectual property, or even physically harm people. The results of such an action include damage to the organization’s reputation, revenue loss, and reduced market share.
The Insider Risk Mitigation Self-Assessment Tool first assesses whether an organization has in place all the requirements for an insider risk program and whether employees have been trained on the risks associated with insider threats, and then attempts to identify whether the organization is well-positioned to respond to an insider threat.
“CISA urges all our partners, especially small and medium businesses who may have limited resources, to use this new tool to develop a plan to guard against insider threats. Taking some small steps today can make a big difference in preventing or mitigating the consequences of an insider threat in the future,” said CISA Executive Assistant Director for Infrastructure Security David Mussington.
