Data Security
Data security is the process of maintaining the confidentiality, integrity, and availability of an organization’s data in a manner consistent with the organization’s risk strategy. Before an incident happens, companies must have a security architecture and response plan in place. Once an incident occurs, they must be able to detect the event and respond accordingly. After the incident, the company must be able to recover effectively and efficiently.
NIST’s National Cybersecurity Center of Excellence is actively working with industry experts and technology vendors to address the most pressing data security challenges. These efforts result in practical, standards-based guidance that organizations can implement in part or full to meet their security and privacy needs.
Security Guidance
- Data Confidentiality: Identifying and Protecting Assets and Data Against Data Breaches
  Exploring methods to effectively identify and protect assets against data confidentiality attacks
  Preparing Draft
- Data Confidentiality: Detect, Respond to, and Recover from Data Breaches
  Identifying methods to efficiently detect, respond to, and recover from data confidentiality attacks
  Preparing Draft
- Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events
  Exploring methods to effectively identify and protect assets against data integrity attacks
  Finalized Practice Guide
- Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events
  Detailing methods and potential tool sets that can detect, mitigate, and contain data integrity events
  Finalized Practice Guide
- Data Integrity: Recovering from Ransomware and Other Destructive Events
  Demonstrates how to effectively recover from a data corruption event in various Information Technology (IT) enterprise environments
  Finalized Practice Guide
Protecting Your Small Business: Ransomware
In this animated story, two professionals discuss ransomware attacks and the impacts they can have on small businesses. Since ransomware is a common threat for small businesses, this video provides an example of how ransomware attacks can happen, along with how to stay prepared, get helpful information, and find support from NIST’s Small Business Cybersecurity Corner website.
Supplemental Resources
The final version of NISTIR 8374 Ransomware Risk Management: A Cybersecurity Framework Profile has been released. This Ransomware Profile identifies the Cybersecurity Framework Version 1.1 security objectives that support identifying, protecting against, detecting, responding to, and recovering from ransomware events. The profile can be used as a guide to managing the risk of ransomware events.
A white paper that provides an overview of the three Data Integrity projects and how they align with the NIST Cybersecurity Framework. This paper offers a high-level explanation of the architecture and capabilities, and it explains how these projects can be brought together into one comprehensive data integrity solution. You can also view the recording of our recent workshop.
Join the Community of Interest
A Community of Interest (COI) is a group of professionals and advisors that share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Members typically meet monthly by teleconference. Share your expertise and consider becoming a member of this project's COI.