Data Confidentiality: Identifying and Protecting Assets and Data Against Data Breaches

An organization must protect its information from unauthorized access and disclosure. Data breaches large and small can have far-reaching operational, financial, and reputational impacts. The goal of this project is to provide a practical solution to identify and protect the confidentiality of an enterprise’s data. This solution identifies what assets (devices, data, and applications) may be affected by an incident as well as the vulnerabilities they may possess that allow incidents to occur. It also explores protection measures to mitigate or remediate these vulnerabilities. The solution will provide measures such as data protection, access controls, network protections, and other potential defenses. The project team will create a reference design and a detailed description of the practical steps needed to implement a secure solution based on standards and best practices. This project will result in a freely available NIST Cybersecurity Practice Guide.