Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Data Security: Where We’ve Been and Where We’re Going

Data Security
Credit: Shutterstock

Cybersecurity threats are nothing new. There have been so many media reports about data breaches and how they affect our daily lives that it can be overwhelming. Can organizations stop these breaches before our financial, health, and other personal information is compromised? How? If a breach is occurring, how does an organization find out quickly? And if a breach has already happened, how can we respond?

These questions — and many others — are being tackled every day by the Data Security team at NIST’s National Cybersecurity Center of Excellence (NCCoE). This team produces guidance to help organizations maintain the confidentiality, integrity, and availability of their data in a manner consistent with the NCCoE Healthcare Team and other industry sector groups that focus on at-risk consumer and patient data.

In 2017, NIST published Special Publication 1800-11, Data Integrity: Recovering from Ransomware and Other Destructive Events, a practical, hands-on guide that provides example solutions organizations can use to help recover from data breaches. The team received positive feedback and several requests: How can we identify and protect our assets against these breaches before they have a chance to happen? And can we detect, contain, and respond to data integrity events while they are happening? Knowing how to recover from these events is essential.

The Data Security team stepped up to the challenge and proposed two new projects and developed two project descriptions. Alongside technology collaborators, the team started working on the example solutions needed to develop two additional NIST practice guides: Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events and Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events

Specifically, how will these practice guides help organizations? Reducing the likelihood of destructive events like a cyberattack is best accomplished by implementing a cyber defense strategy, and the examples in these guides provide the tools to do that. A cyber defense strategy allows organizations to develop inventory systems and identify vulnerabilities before an attack. But should an attack happen, these solutions help organizations analyze, mitigate, and contain those events. This can lessen the impact on worker productivity and reduce or avoid any financial or reputational damage.

These two data integrity practice guides will be publicly available in the coming months. But the Data Security team isn’t done. This time, the team is concentrating on two more projects that focus specifically on data confidentiality. The draft project descriptions for Data Confidentiality: Identifying and Protecting Assets and Data Against Data Breaches and Data Confidentiality: Detect, Respond to, and Recover from Data Breaches were released this past summer. The team has incorporated public comments and will release a Federal Register Notice soon. At that point, they can identify technology collaborators and begin to build the next set of example solutions. 

Keep an eye on the NCCoE Data Security page to watch the progress of these (and future) projects. And if you’d like to participate by providing comments, offer suggestions for future topics, or help build projects, please email ds-nccoe [at] nist.gov (ds-nccoe[at]nist[dot]gov) to join our Community of Interest!
 

About the author

Milissa McGinnis

Milissa McGinnis is a MITRE contractor working as a Senior Communications and Outreach Strategist alongside NIST staff at its National Cybersecurity Center of Excellence (NCCoE). She spent nearly 20 years working on U.S. Agency for International Development (USAID) contracts, where she managed communication projects for reducing counterfeit medicines, decreasing gender-based violence, and increasing global food security, among many others. She received her B.A. in International Affairs from Florida State University and her M.A. in International Relations and Intercultural Communications from Syracuse University.

Comments

Add new comment

CAPTCHA
Image CAPTCHA
Enter the characters shown in the image.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Please be respectful when posting comments. We will post all comments without editing as long as they are appropriate for a public, family friendly website, are on topic and do not contain profanity, personal attacks, misleading or false information/accusations or promote specific commercial products, services or organizations. Comments that violate our comment policy or include links to non-government organizations/web pages will not be posted.