Date Published: February 2022
Planning Note (02/23/2022):
Also see the companion "quick start guide", Getting Started with Cybersecurity Risk Management: Ransomware.
This report references the NIST Cybersecurity Framework v1.1.
Author(s)
William Barker (Dakota Consulting), William Fisher (NIST), Karen Scarfone (Scarfone Cybersecurity), Murugiah Souppaya (NIST)
Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. Attackers may also steal an organization’s information and demand an additional payment in return for not disclosing the information to authorities, competitors, or the public. This Ransomware Profile identifies the Cybersecurity Framework Version 1.1 security objectives that support identifying, protecting against, detecting, responding to, and recovering from ransomware events. The profile can be used as a guide to managing the risk of ransomware events. That includes helping to gauge an organization’s level of readiness to counter ransomware threats and to deal with the potential consequences of events.
Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. Attackers may also steal an organization’s information and demand an additional payment in return for not disclosing the information to authorities, competitors, or the...
See full abstract
Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. Attackers may also steal an organization’s information and demand an additional payment in return for not disclosing the information to authorities, competitors, or the public. This Ransomware Profile identifies the Cybersecurity Framework Version 1.1 security objectives that support identifying, protecting against, detecting, responding to, and recovering from ransomware events. The profile can be used as a guide to managing the risk of ransomware events. That includes helping to gauge an organization’s level of readiness to counter ransomware threats and to deal with the potential consequences of events.
Hide full abstract
Keywords
Cybersecurity Framework; detect; identify; protect; ransomware; recover; respond; risk; security
Control Families
None selected