Insider threats pose significant risk to the safety and security of America’s critical infrastructure and the organizations that keep infrastructure operational. The Insider Risk Self-Assessment is a tool to assist owners and operators or organizations, especially small and mid-sized ones who may not have in-house security departments, to gauge their vulnerability to an insider threat incident.
The tool is a downloadable PDF that asks users key questions about their existing enterprise, focusing on the domains of Program Management, Personnel and Training, and Data Collection and Analysis. The interactive PDF, from which CISA collects no data or personal information, will allow users to receive scores representing maturity indicators that objectively evaluate their immunity to insider threat incidents. The response also includes guidance to interpret the numbers and provides suggested measures. The Insider Risk Self-Assessment is one more way CISA is working with public and private stakeholders at the federal, state, local, and community levels to prevent and mitigate risk to our Nation’s critical infrastructure.