The National Institute of Standards and Technology’s (NIST’s) National Cybersecurity Center of Excellence (NCCoE) released two draft practice guides today:

1. Special Publication (SP) 1800-25: Identifying and Protecting Assets Against Ransomware and Other Destructive Events
2. Special Publication (SP) 1800-26: Detecting and Responding to Ransomware and Other Destructive Events

Ransomware, malware, insider threats, and even honest user mistakes present ongoing threats to organizations. All types of data, such as database records, system files, configurations, user files, applications, and customer data, are potential targets of data corruption, modification, and destruction.

Formulating a defense against these threats requires thorough knowledge of the assets within the enterprise and protection of these assets against data corruption and destruction.

Furthermore, quick, accurate, and thorough detection and response to a loss of data integrity can save an organization time, money, and headaches. While human knowledge and expertise are essential components of a defense, the right tools and preparation are essential to minimizing downtime and losses due to data integrity events.

As detailed in these two practice guides, the NCCoE, in collaboration with members of the business community and vendors of cybersecurity solutions, has built example solutions to address these data integrity challenges.