Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events

Published

Author(s)

Jennifer L. Cawthra, Michael R. Ekstrom, Lauren N. Lusty, Julian T. Sexton, John E. Sweetnam, Anne R. Townsend

Abstract

Ransomware, destructive malware, insider threats, and even honest user mistakes present ongoing threats to organizations. Organizations' data, such as database records, system files, configurations, user files, applications, and customer data, are all potential targets of data corruption, modification, and destruction. Formulating a defense against these threats requires two things: a thorough knowledge of the assets within the enterprise, and the protection of these assets against the threat of data corruption and destruction. The NCCoE, in collaboration with members of the business community and vendors of cybersecurity solutions, has built an example solution to address these data integrity challenges. Multiple systems need to work together to identify and protect an organization's assets against the threat of corruption, modification, and destruction. This project explores methods to effectively identify assets (devices, data, and applications) that may become targets of data integrity attacks, as well as the vulnerabilities in the organization's system that facilitate these attacks. It also explores methods to protect these assets against data integrity attacks using backups, secure storage, integrity checking mechanisms, audit logs, vulnerability management, maintenance, and other potential solutions.
Citation
Special Publication (NIST SP) - 1800-25
Report Number
1800-25

Keywords

attack vector, asset awareness, data integrity, data protection, malicious actor, malware, ransomware

Citation

Cawthra, J. , Ekstrom, M. , Lusty, L. , Sexton, J. , Sweetnam, J. and Townsend, A. (2020), Data Integrity: Identifying and Protecting Assets Against Ransomware and Other Destructive Events, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.1800-25 (Accessed October 21, 2021)
Created December 7, 2020, Updated December 8, 2020