NIST Working on Data Security Guide

Thursday, December 3, 2015 @ 02:12 PM gHale

Data breaches that came to light in the past 12 months remain top of mind and to help combat that cyber threat, the National Institute of Standards and Technology (NIST) is seeking comments on a new project that would help organizations prepare for and recover from data attacks.

NIST’s National Cybersecurity Center of Excellence is asking for comments on a white paper titled “Data Integrity: Reducing the impact of an attack.”

Cyber Evaluation Tool Update Releases
Security Tool Shifts to Private Sector
Practice Guide for Utilities from NIST
Collaborators Sought for Security Projects

“Constant threats of destructive malware, malicious insider activity and even honest mistakes create the imperative for organizations to be able to quickly recover from an event that alters or destroys any form of data,” the paper said. “Multiple systems need to work together to prevent, detect, notify and recover when data integrity is jeopardized.”

The end result of NIST’s project will be a publicly available “Cybersecurity Practice Guide” in the Special Publication 1800 series that will describe the steps to implement a solution that addresses these cyber challenges.

The project aims to answer four main questions:
1. What data was corrupted; when, how and by whom?
2. Do any other events coincide with this corruption?
3. What systems ended up affected by the corruption?
4. Which backup version should end up used to recover data?

It will also address three solution areas, including file system integrity, database integrity, and an overall automated system that incorporates those two solutions in addition to activity monitoring, versioning solutions, restoration of critical services and devices after incidents, and alert systems.

“We are excited to be working with [Financial Services Information Sharing and Analysis Center] and the broader consumer community to tackle this important, cross-sector cybersecurity challenge,” said Nate Lesser, the center’s deputy director. “FS-ISAC has done important work to further the research and development of data integrity solutions for the financial services sector, and this collaboration is vital to this project’s development.”

“Ensuring data integrity is about mitigating business risk and maintaining consumer confidence,” added John Carlson, FS-ISAC’s chief of staff.