Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. In some instances, attackers may also steal an organization’s information and demand an additional payment in return for not disclosing the information to authorities, competitors, or the public. This Ransomware Profile identifies the Cybersecurity Framework Version 1.1 security objectives that support preventing, responding to, and recovering from ransomware events. The profile can be used as a guide to managing the risk of ransomware events. That includes helping to gauge an organization's level of readiness to counter ransomware threats and to deal with the potential consequences of events.
For those that have not used the CSF prior, the CSF focuses on 5 categories (Identify, Protect, Detect, Respond, and Recover) which under them contain numerous subcategories. These subcategories are then mapped to specific controls under various frameworks such as NIST 800-53, COBIT 5, ISO, CIS CSC and ISA. By leveraging this existing control framework, NIST utilized the existing control mapping to both NIST 800-53 and ISO 27001 and then selected specific controls from each of these that focus on policy and processes related to ransomware prevention and incident response. An organization wanting to assess its capabilities would then focus on either the NIST 800-53 or ISO defined controls, based on their internal selected control framework.
NIST is currently seeking public feedback on the framework up to July 9th, 2021, from which they will review and potentially edit the framework based on the feedback. While it cannot be determined how much will change based on public comments, the expectation is that it will not be substantial when the framework is finalized. If your organization has concerns around ransomware protection, detection, and response, NIST has got your back with another one of their industry recognized frameworks.
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].
You’ve heard our thoughts… We’d like to hear yours
The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].
Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.