Content Assessment: Considering Ransomware Risk Management? A Cybersecurity Framework Profile from NIST
Information - 90%
Insight - 95%
Relevance - 100%
Objectivity - 95%
Authority - 95%
A short percentage-based assessment of the qualitative benefit of the newly published report from NIST on ransomware risk management.
The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST), is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity issues. Recently the NCCoE released a revised draft report, NIST Interagency or Internal Report (NISTIR) 8374, Cybersecurity Framework Profile for Ransomware Risk Management, for public comment. This revised draft addresses the public comments provided for the preliminary draft released in June 2021. The public comment period is open through October 8, 2021. This report may be beneficial for cybersecurity, information governance, and eDiscovery professionals considering ransomware risk management.
Announcement and Report*
Cybersecurity Framework Profile for Ransomware Risk Management
, , ,
Ransomware is a type of malware that encrypts an organization’s data and demands payment as a condition of restoring access to that data. In some instances, ransomware may also steal an organization’s information and demand additional payment in return for not disclosing the information to authorities, competitors, or the public. Ransomware attacks target organizations’ data or critical infrastructure, disrupting or halting operations.
This report defines a Ransomware Profile, which identifies security objectives from the NIST Cybersecurity Framework that support preventing, responding to, and recovering from ransomware events. The profile can be used as a guide to managing the risk of ransomware events. That includes helping gauge an organization’s level of readiness to mitigate ransomware threats and to react to the potential impact of events.
- SOARing Costs? Considering Data Breach Economics
- Defining Cyber Discovery? A Definition and Framework