Executive Summary
- Data integrity attacks have compromised corporate information including emails, employee records, financial records, and customer data.
- Destructive malware, ransomware, malicious insider activity, and even honest mistakes all set the stage for why organizations need to quickly recover from an event that alters or destroys data. Businesses must be confident that recovered data is accurate and safe.
- The National Cybersecurity Center of Excellence (NCCoE) at NIST built a laboratory environment to explore methods to effectively recover from a data corruption event in various Information Technology (IT) enterprise environments. NCCoE also explored auditing and reporting IT system use issues to support incident recovery and investigations.
- This NIST Cybersecurity Practice Guide demonstrates how organizations can develop and implement appropriate actions following a detected cybersecurity event. The solutions outlined in this guide encourage monitoring and detecting data corruption in commodity components— as well as custom applications and data composed of open-source and commercially available components.
- Thorough quantitative and qualitative data collection is important to organizations of all types and sizes. It can impact all aspects of a business including decision making, transactions, research, performance, and profitability, to name a few.
https://csrc.nist.gov/News/2020/sp-1800-11-data-integrity-ransomware-recovery
