Final Ransomware Risk Management Cybersecurity Framework Profile & Quick Start Guide Released Today!
 Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. In some instances, attackers may also steal an organization’s information and demand an additional payment in return for not disclosing the information to authorities, competitors, or the public. This serious cybersecurity challenge is becoming more widespread.
To help address this challenge, NIST is releasing two guides:
The final Ransomware Risk Management: A Cybersecurity Framework Profile (NISTIR 8374) incorporates feedback from earlier drafts and is based on the broader Cybersecurity Framework Version 1.1. It can be used as a guide to manage the risk of ransomware events—which includes helping to gauge an organization's level of readiness to counter ransomware threats and to deal with the potential consequences of events.
NIST has also developed a companion quick start guide called ‘Getting Started with Cybersecurity Risk Management: Ransomware’ designed for organizations—including those with limited resources to address cybersecurity challenges—to easily understand the advice given in the Profile and to get guidance on what they can begin implementing today. It’s important to recognize that you don’t need to do everything all at once…getting started is the key!
NIST Cybersecurity and Privacy Program
NIST Applied Cybersecurity Division (ACD)
National Cybersecurity Center of Excellence (NCCoE)
Questions/Comments regarding NISTIR 8374 - send email to: ransomware@nist.gov
CSRC Website Questions? Send email to: webmaster-csrc@nist.gov
|
