Ransomware Self-Assessment Tool Version 2

The Conference of State Bank Supervisors (CSBS) recently released the Ransomware Self-Assessment Tool version 2.0. As noted by CSBS, the tool is designed to “help financial institutions periodically assess their efforts to mitigate risks associated with ransomware and identify gaps for increasing security.” The tool is not required from a regulatory perspective, but knowing risk posture is. Consider the CSBS tool as another asset in your arsenal to help fight the scourge of ransomware and hopefully prevent the institution from becoming a victim.

While completing the worksheet, do not silo the effort. Involve key players to gain different perspectives than that of just the IT department or the Information Security Officer. Consider reviewing the results with senior management, steering committees, and the board of directors. Lastly, take the lessons that are learned, update the IT risk assessment, and apply changes to general controls to cover any identified gaps.

To download the latest version of the CSBS Ransomware Self-Assessment Tool visit https://www.csbs.org/ransomware-self-assessment-tool. And, for our clients that are not specifically considered “banks” or financial institutions, there is a Non-bank Ransomware Self-Assessment Tool provided at the same link as above.

As always, if there are any questions about ransomware or any other cyber security subject, please reach out. We’re here to help.

Authored by: Mike Smith, CBISO