Wipers, ransomware, and malicious insiders all pose a threat to organizations in that they can destroy corporate data. In response, many companies have processes in place that can help them recover from these and other types of data corruption events. But these strategies beg the question: how can organizations know that the data they recover is accurate and safe?
To help companies answer that question, the National Cybersecurity Center of Excellence (NCCoE) has released the NIST Cybersecurity Practice Guide SP 1800-11, Data Integrity: Recovering from Ransomware and Other Destructive Events. The resource provides guidance on how organizations can develop strategies to recover operating systems, user files, applications, and other IT assets from data corruption events such as ransomware. NCCoE's newest SP also discusses issues of auditing, reporting, and investigations following companies' discovery of such destructive security incidents.
The National Cybersecurity Center of Excellence, a collaborative hub which operates within the National Institute of Standards and Technology, began a new project that sought to address the challenge of companies recovering from data corruption events by in part working with vendors of digital security solutions. One of the companies to which it reached out was Tripwire. Jim Wachhaus, director of technology alliances at Tripwire, elaborates on this collaboration:
"In May of 2013, Tripwire signed a Memorandum of Understanding with the National Cybersecurity Center of Excellence. Later, when the NCCoE put out a call for vendors with technologies in the data integrity building block in May of 2016, Tripwire enthusiastically answered the call! We signed a cooperative research and development agreement in February 2017, granting the center access to both Tripwire Enterprise and Tripwire Log Center. And we were off to the races. Clearly, the project had some tail wind at this point, as the draft arrived at the beginning of September 2017."
NIST's Cybersecurity Practice Guide SP 1800-11 has something for everyone in the industry. Executives can use it to help them reduce downtime, lessen the operational impact, and adopt a proactive recovery approach from a data corruption event. Along those same lines, IT professionals can leverage the guide to map industry-specific standards to their organization, learn how they can help their leadership understand the risks surrounding corrupted data, and develop security best practices of tomorrow. The National Cybersecurity Center of Excellence will be accepting comments for a draft of this special publication until 6 November 2017. Towards that end, you can read a full draft of NIST Cybersecurity Practice Guide SP 1800-11 here and can submit your comments and feedback here.
