Data security is the process of maintaining the confidentiality, integrity, and availability of an organization’s data in a manner consistent with the organization’s risk strategy. Preventing unauthorized access, data corruption, and denial of service attacks are all important tenets of data security and an essential aspect of IT for organizations of every size and type. Consistent, reliable, and secure access to database records, system files, user files, and customer data is necessary to prevent data from becoming vulnerable to attack. Before an incident begins, companies must have a security architecture and response plan in place. Once an incident occurs, they must be able to detect the event and respond accordingly. After the incident, the company must be able to effectively and efficiently recover.
In accordance with this methodology, the Data Security program at the NCCoE has produced guidance for both data integrity and data confidentiality. Each will consist of a series of publications that work together to identify, protect, detect, respond to and recover from critical events.
If you have questions or would like to join our Community of Interest, please email the project team at firstname.lastname@example.org.
Also, if you would like to get involved in our ransomware guidance, please contact us with any comments, questions or suggestions at email@example.com, view the recording of our recent workshop, and review our recently released draft NISTIR 8374: Cybersecurity Framework Profile for Ransomware Risk Management.
Providing an overview of the three Data Integrity projects and how they align with the NIST Cybersecurity Framework. Download the paper here.
Exploring methods to effectively identify and protect assets against data integrity attacks. Learn more about this project and download the NIST Cybersecurity Practice Guide 1800-25.
Detailing methods and potential tool sets that can detect, mitigate, and contain data integrity events. Learn more about this project and download the NIST Cybersecurity Practice Guide 1800-26.
Effectively recover from a data corruption event in various Information Technology (IT) enterprise environments. Learn more about this project and download the NIST Cybersecurity Practice Guide 1800-11.
Exploring methods to effectively identify and protect assets against data confidentiality attacks. Learn more about this project.
Identifying methods to efficiently detect, respond, and recover from data confidentiality attacks. Learn more about this project.