Network administrators and information security officers have an opportunity to assess new tools and guides to stem the steady flow of ransomware, malware, insider threats, and even honest user mistakes, which challenge businesses and government organizations alike. All types of data, such as database records, system files, configurations, user files, applications, and customer data, are potential targets of data corruption, modification and destruction, the National Institute of Standards and Technology reported.
Formulating a defense against these threats requires thorough knowledge of the assets within the enterprise and protection of these assets against data corruption and destruction.
Organizations that do not implement identification and protection solutions risk many types of data integrity attacks. These risks could be reduced using capabilities such as: secure storage; backup capabilities for databases; VMs, and file systems; log collection; asset inventory; and file integrity checking mechanisms.
Quick, accurate, and thorough detection and response to a loss of data integrity can save an organization time, money and worries. While human knowledge and expertise are essential components of a defense, the right tools and preparation are essential to minimizing downtime and losses due to data integrity incidents.
The NCCoE, in collaboration with the business community and cybersecurity solutions vendors, built example solutions to address these data integrity challenges in the draft pubs:
The public comment period for these two practice guides is open until Feb. 26, 2020. Please submit your comments by email to firstname.lastname@example.org or through the SP 1800-25 online comment form or the SP 1800-26 online comment form.
Interested in joining the Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events Community of Interest? Send an email to email@example.com.
More information can be found on the NCCoE website – https://www.nccoe.nist.gov/.