The US Cybersecurity and Infrastructure Security Agency (CISA) has created a new tool for a step-by-step assessment of the ransomware readiness of organizations.
Released on April 30, 2018, the Ransomware Readiness Assessment (RRA) is a self-assessment tool that helps organizations identify gaps in their security posture and identify areas of weakness to better defend against and recover from ransomware attacks.
This module assesses the level of ransomware threat readiness of orgs regardless of their current cybersecurity maturity.
“The RRA also provides a clear path for improvement and contains an evolving progression of questions tiered by the categories of basic, intermediate, and advanced,” CISA says on the tool’s wiki page. “This is intended to help an organization improve by focusing on the basics first, and then progressing by implementing practices through the intermediate and advanced categories.”
The Cybersecurity Awareness Alliance (CIA) has created the Ransomware Readiness Assessment (RRA) to help organizations avoid experiencing ransomware attacks by evaluating their cybersecurity posture against recognized standards and best practices.
It also outlines the various security measures that asset owners and operators can implement to prevent their OT and IT networks from being infected.
The tool provides an analysis dashboard that displays the assessment results in both the summary and detailed views.
How to use the RRA tool:
Install CSET and then:
- Login or open the CSET app
- Start a new assessment
- Select Maturity Model within the Assessment Configuration screen
- Select Ransomware Readiness Assessment from the Maturity Model screen
Complete the RRA assessment. You may review a tutorial for additional instruction, or the RRA guide found within the tool’s Help menu.
CISA has previously released Aviary and CHIRP tools, which are a PowerShell-based tool for detecting potentially compromised apps and a Python-based forensics tool respectively.
