Outcome will be an easily adaptable cybersecurity solution for identifying and protecting assets and data against data breaches
An organization’s data is one of its most valuable assets and must be protected from unauthorized access and disclosure.
Large and small data breaches impact the ability of an organization to survive when data such as operational, financial, employee, or customer personally identifiable information becomes compromised. Breaches undermine an organization’s work and success and lead to severe reputational damage.
In response to continuing data breaches, the new NCCoE project seeks to provide the industry with a practical solution for identifying and protecting enterprise data confidentiality. This includes identifying assets (devices, data, and applications) that may be affected by an incident and what vulnerabilities those assets may possess allowing incidents to occur. The project will explore mitigating or remediating protection measures for identified vulnerabilities.
Using measures such as data protection, access controls, network protections, and other potential defenses, the project team will create a reference design and a detailed description of the practical steps needed to implement a secure solution based on standards and best practices. This project will result in a freely available NIST Cybersecurity Practice Guide.
Dispel is joined by collaborators Avrio Software, Cisco, FireEye, GreenTec, PKWARE, StrongKey, and Symantec in supporting the NCCoE.
This project will also provide guidance on data confidentiality paralleling another NCCoE program titled Detect, Respond to, and Recover from Data Breaches.