Data Security

Data security is the process of maintaining the confidentiality, integrity, and availability of an organization’s data in a manner consistent with the organization’s risk strategy. Preventing unauthorized access, data corruption, and denial of service attacks are all important tenets of data security and an essential aspect of IT for organizations of every size and type. Consistent, reliable, and secure access to database records, system files, user files, and customer data is necessary to prevent data from becoming vulnerable to attack. Before an incident begins, companies must have a security architecture and response plan in place. Once an incident occurs, they must be able to detect the event and respond accordingly. After the incident, the company must be able to effectively and efficiently recover.

In accordance with this methodology, the Data Security program at the NCCoE has produced guidance for both data integrity and data confidentiality. Each will consist of a series of publications that work together to identify, protect, detect, respond to and recover from critical events.

If you have questions or would like to join our Community of Interest, please email the project team at ds-nccoe@nist.gov.

Data Integrity: Identifying and Protecting

Exploring methods to effectively identify and protect assets against data integrity attacks. Learn more about this project.

Data Integrity: Detecting and Responding

Detailing methods and potential tool sets that can detect, mitigate, and contain data integrity events. Learn more about this project.

Data Integrity: Recovering

Effectively recover from a data corruption event in various Information Technology (IT) enterprise environments. Learn more about this project and download the NIST Cybersecurity Practice Guide 1800-11.

Data Confidentiality: Identifying and Protecting

Exploring methods to effectively identify and protect assets against data confidentiality attacks. Learn more about this project.

Data Confidentiality: Detect, Respond, and Recover

Identifying methods to efficiently detect, respond, and recover from data confidentiality attacks. Learn more about this project.