Blog

NIST Has Come Out With Its Own Ransomware Guidance | #RansomwareWeek

Jun 25, 2021

As we close out #RansomwareWeek here on the (ISC)² blog, a timely piece of news comes from The National Institute of Standards and Technology (NIST) in the form of new draft guidance for organizations concerning ransomware attacks, according to reporting by Infosecurity Magazine.

As the body responsible for one of the most revered standards frameworks in the world, NIST’s entry into the discussion is remarkable.

According to the Infosecurity Magazine article, “The Cybersecurity Framework Profile for Ransomware Risk Management features advice on how to defend against the malware, what to do in the event of an attack, and how to recover from it. [It] can be used by organizations that have already adopted the NIST Cybersecurity Framework and wish to improve their risk postures. It can also help any organization seeking to implement a risk management framework that deals with ransomware threats.”

NIST intends for the new draft guidance to be used in conjunction with the NIST Cybersecurity Framework, other NIST guidance, and guidance issued by DHS and the FBI.

If you’d like to weigh in on what is included in the profile, comments on the new draft Ransomware Profile are being accepted by NIST until July 9. A revised copy will then be released, and a second commentary period will be held prior to a final document being published.

The NIST guidance follows the (ISC)² announcement earlier this week of its offer to provide free access to its Ransomware: Identify, Protect, Detect, Recover PDI course through July 31. It also further confirms the intense interest that ransomware attacks have created both in the private and public sectors, as well as across borders.

As (ISC)² director of education Mirtha Collin remarked, “Ransomware has become one of the hottest topics we’ve seen in years both in cybersecurity practitioner circles, boardrooms, the media and the halls of government. The intense interest has prompted us to extend free access to this course to as many people as possible in an effort to help organizations avoid becoming a victim. The course covers the major distinctions between ransomware and malware, the key characteristics of ransomware attacks, and the protection strategies and remediation plans that should be in place ahead of time.” 

(ISC)² will continue to host conversations about ransomware risk mitigation within the (ISC)² Community, which you can visit here: https://community.isc2.org/t5/Threats/bd-p/Threats