Advertisement

NIST project shows how to recover data after cyberattack

Outlined in a white paper released Tuesday, the NIST office partnered with the Financial Services Information Sharing and Analysis Center (FS-ISAC) to create examples of how companies can prepare for and mitigate damage from various kinds of cyber attacks.

A new project from the National Cybersecurity Center of Excellence aims to help businesses protect their data after they’ve suffered an attack.

Outlined in a white paper released Tuesday, the NIST office partnered with the Financial Services Information Sharing and Analysis Center, known as FS-ISAC, to create case studies for how companies can prepare for and mitigate damage from various kinds of cyberattacks. The project will go on to explore methods for recovering operating systems, databases, user files, applications and system configurations.

“Ensuring data integrity is about mitigating business risk and maintaining consumer confidence,” John Carlson, FS-ISAC chief of staff, said in a release. “The FS-ISAC will continue working with the NCCoE, as well as industry and federal agencies, to identify solutions for reducing the impact of data integrity attacks, such as destructive malware.”

In the document, businesses are given examples of how to deal with ransomware attacks, data manipulation from insider threats, and malware that encrypts data, writes over original unencrypted content and then deletes the encryption keys.

Advertisement

The white paper, which is currently a draft, is part of a project developed out of a June NIST technical workshop and the White House’s Summit on Cybersecurity on Consumer Protection in February.

Feedback on the project will be used to craft a NIST cybersecurity practice guide, which will direct organizations on how to implement a cybersecurity reference design that allows for better data recovery.

Comments on the white paper can be submitted to NIST until Jan. 18, 2016.

Read the white paper below.

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts