The National Institute of Standards and Technology’s cybersecurity center has issued two special publications to help identify, detect and respond to data breaches.
The documents released Friday by the National Cybersecurity Center of Excellence also guides organizations on how to protect their assets and recover from such attacks.
The two publications explain data security based on the triad of confidentiality, integrity and availability. They also adopted principles based on NIST Cybersecurity Framework 1.1.
SP 1800-28 includes a detailed discussion of multifactor authentication solutions to prevent phishing attacks on enterprise systems. It contains a flow diagram on MFA using virtual desktop interface software as well as protected network sharing of sensitive information.
SP 1800-29 suggests procedures to resolve incidents of ransomware, accidental email and laptop loss, misuse of access privileges and electronic eavesdropping. NCCoE shares how to monitor privacy using logging and network detection platforms.
Both documents are directed at chief information security officers, chief technology officers and similar business decision-makers, as well as IT professionals and program managers designated for technology, security and privacy.
