Hi All,
NIST recently published: Insider Risk Mitigation Program Evaluation (IRMPE)
The tool is a downloadable PDF that asks users key questions about their existing enterprise, focusing on the domains of Program Management, Personnel and Training, and Data Collection and Analysis. The interactive PDF, from which CISA collects no data or personal information, will allow users to receive scores representing maturity indicators that objectively evaluate their immunity to insider threat incidents. The response also includes guidance to interpret the numbers and provides suggested measures. The Insider Risk Self-Assessment is one more way CISA is working with public and private stakeholders at the federal, state, local, and community levels to prevent and mitigate risk to our Nation's critical infrastructure.
Insider Risk Mitigation Program Evaluation (IRMPE): Assessment Instrument
https://www.cisa.gov/sites/default/files/publications/IRMPE_Assessment_v1_2021-10-12.pdf - Form to be completed
Attached:
IRMPE Question Set and Guidance
IRMPE Quick Start Guide
IRMPE User Guide
IRMPE One-Pager
------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------