Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events

Ransomware, destructive malware, insider threats, and even honest user mistakes present ongoing threats to organizations. Organizations’ data, such as database records, system files, configurations, user files, applications, and customer data, are all potential targets of data corruption, modification, and destruction. Formulating a defense against these threats requires two things: a thorough knowledge of the assets within the enterprise, and the protection of these assets against the threat of data corruption and destruction. The NCCoE, in collaboration with members of the business community and vendors of cybersecurity solutions, has built an example solution to address these data integrity challenges.

[1]  Joint Task Force Transformation Initiative Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach , 2014 .

[2]  Michael Ekstrom,et al.  Data Integrity: Recovering from Ransomware and Other Destructive Events , 2018, 2018 IEEE Cybersecurity Development (SecDev).

[3]  Karen A. Scarfone,et al.  Guide to Malware Incident Prevention and Handling for Desktops and Laptops , 2013 .

[4]  Peter Mell,et al.  Guide to Malware Incident Prevention and Handling , 2005 .

[5]  Joint Task Force Transformation Initiative,et al.  Security and Privacy Controls for Federal Information Systems and Organizations , 2013 .

[6]  Timothy Grance,et al.  Guide to Integrating Forensic Techniques into Incident Response , 2006 .

[7]  David Waltermire,et al.  Guide to Cyber Threat Information Sharing , 2016 .

[8]  Karen A. Scarfone,et al.  Guide for Cybersecurity Event Recovery , 2016 .

[9]  Karen A. Scarfone,et al.  Guide to Enterprise Patch Management Technologies , 2013 .

[10]  Pandapotan Sianipar Microsoft Windows 10 , 2019 .

[11]  D. Richard Kuhn,et al.  Attribute-Based Access Control , 2017, Computer.

[12]  Marianne Swanson,et al.  Contingency Planning Guide for Federal Information Systems , 2010 .

[13]  P. Bowen,et al.  Information Security Handbook: A Guide for Managers , 2006 .

[14]  Matthew P. Barrett,et al.  Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 (Arabic translation) , 2018 .

[15]  Karen Kent,et al.  Guide to Computer Security Log Management , 2006 .

[16]  Timothy Grance,et al.  Computer Security Incident Handling Guide | NIST , 2004 .