Date Published: November 2017
Comments Due:
Email Questions to:
Author(s)
Timothy McBride (NIST), Michael Ekstrom (MITRE), Lauren Lusty (MITRE), Julian Sexton (MITRE), Anne Townsend (MITRE)
Announcement
This project from the National Cybersecurity Center of Excellence (NCCoE) will detail methods and potential tool sets that can detect, mitigate, and contain data integrity events in the components of an enterprise network. It will also identify tools and strategies to aid in a security team’s response to such an event. The project will result in a freely available NIST Cybersecurity Practice Guide, documenting an example solution that demonstrates how to perform the following actions:
- monitor integrity;
- logging and data correlation;
- manage vulnerabilities; and
- report unauthorized or malicious activity.
Ransomware, destructive malware, insider threats, and even honest mistakes present an ongoing threat to organizations that manage data in various forms. Database records and structure, system files, configurations, user files, application code, and customer data are all potential targets of data corruption and destruction. A quick, accurate, and thorough detection and response to a loss of data integrity can save an organization time, money, and headaches. While human knowledge and expertise is an essential component of these tasks, the right tools and preparation are essential to minimizing downtime and losses due to data integrity events. The NCCoE, in collaboration with members of the business community and vendors of cybersecurity solutions, will build an example solution to address these data integrity challenges. This project will detail methods and potential tool sets that can detect, mitigate, and contain data integrity events in the components of an enterprise network. It also will identify tools and strategies to aid in a security team’s response to such an event.
Ransomware, destructive malware, insider threats, and even honest mistakes present an ongoing threat to organizations that manage data in various forms. Database records and structure, system files, configurations, user files, application code, and customer data are all potential targets of data...
See full abstract
Ransomware, destructive malware, insider threats, and even honest mistakes present an ongoing threat to organizations that manage data in various forms. Database records and structure, system files, configurations, user files, application code, and customer data are all potential targets of data corruption and destruction. A quick, accurate, and thorough detection and response to a loss of data integrity can save an organization time, money, and headaches. While human knowledge and expertise is an essential component of these tasks, the right tools and preparation are essential to minimizing downtime and losses due to data integrity events. The NCCoE, in collaboration with members of the business community and vendors of cybersecurity solutions, will build an example solution to address these data integrity challenges. This project will detail methods and potential tool sets that can detect, mitigate, and contain data integrity events in the components of an enterprise network. It also will identify tools and strategies to aid in a security team’s response to such an event.
Hide full abstract
Keywords
data integrity; malware; ransomware; attack vector; malicious actor; malware detection; malware response
Control Families
Access Control; Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Physical and Environmental Protection; Program Management; Risk Assessment; System and Services Acquisition; System and Communications Protection; System and Information Integrity
