Data Security

Data security is the process of maintaining the confidentiality, integrity, and availability of an organization’s data in a manner consistent with the organization’s risk strategy. Before an incident happens, companies must have a security architecture and response plan in place. Once an incident occurs, they must be able to detect the event and respond accordingly. After the incident, the company must be able to recover effectively and efficiently.

NIST’s National Cybersecurity Center of Excellence is actively working with industry experts and technology vendors to address the most pressing data security challenges. These efforts result in practical, standards-based guidance that organizations can implement in part or full to meet their security and privacy needs.

Security Guidance

Protecting Your Small Business: Ransomware

In this animated story, two professionals discuss ransomware attacks and the impacts they can have on small businesses. Since ransomware is a common threat for small businesses, this video provides an example of how ransomware attacks can happen, along with how to stay prepared, get helpful information, and find support from NIST’s Small Business Cybersecurity Corner website.

Supplemental Resources

The final version of NISTIR 8374 Ransomware Risk Management: A Cybersecurity Framework Profile has been released. This Ransomware Profile identifies the Cybersecurity Framework Version 1.1 security objectives that support identifying, protecting against, detecting, responding to, and recovering from ransomware events. The profile can be used as a guide to managing the risk of ransomware events.

Securing Data Integrity Against Ransomware Attacks: Using the NIST Cybersecurity Framework and NIST Cybersecurity Practice Guides

This white paper provides an overview of the three Data Integrity projects and how they align with the NIST Cybersecurity Framework. It offers a high-level explanation of the architecture and capabilities, and it explains how these projects can be brought together into one comprehensive data integrity solution. You can also view the recording of our recent workshop.


Join the Community of Interest

A Community of Interest (COI) is a group of professionals and advisors that share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Members typically meet monthly by teleconference. Share your expertise and consider becoming a member of this project's COI.
