Detecting and Responding to Ransomware


The CIA triad represents the three pillars of information security: confidentiality, integrity, and availability, as follows.

  • Confidentiality – preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information
  • Integrity – guarding against improper information modification or destruction and ensuring information non-repudiation and authenticity
  • Availability – ensuring timely and reliable access to and use of information

This series of practice guides focuses on data integrity: the property that data has not been altered in an unauthorized manner. Data integrity covers data in storage, during processing, and while in transit. (Note: These definitions are from National Institute of Standards and Technology (NIST) Special Publication (SP) 800-12 Rev 1, An Introduction to Information Security.)

  • Destructive malware, ransomware, malicious insider activity, and even honest mistakes are all reasons why organizations need to detect and respond to events that impact data integrity. Businesses must be confident that these events are detected in a timely fashion and responded to appropriately.
  • Attacks against an organization’s data can compromise emails, employee records, financial records, and customer information—impacting business operations, revenue, and reputation.
  • Examples of data integrity attacks include unauthorized insertion, deletion, or modification of corporate information such as emails, employee records, financial records, and customer data.
  • The National Cybersecurity Center of Excellence (NCCoE) at NIST built a laboratory environment to explore methods to effectively detect and respond to a data integrity event in various information technology (IT) enterprise environments, and to react to the event immediately in an effort to prevent a complete compromise.
  • This NIST Cybersecurity Practice Guide demonstrates how organizations can develop and implement appropriate actions during a detected data integrity cybersecurity event.
