Evaluating encryption with the NIST Protect framework
A variety of cyber security frameworks exist to help organisations in different sectors to go about IT security in a rigorous and controlled manner. To name a few, there’s ISO IEC 27001/ISO 27002, the US NIST Cyber security Framework and the UK NIS Regulations Cyber Assessment Framework. The frameworks are an excellent way to help formalise the process of implementing and maintaining effective cyber security strategies through defined structures containing processes, practices, and technologies which companies can use to secure network and computer systems from security threats.
Attacks still get through: Even with all the time spent and budgets deployed working with cyber security frameworks, however, attacks still get through and data still gets stolen. While it will never be possible to eliminate all data breaches, this paper shows how encryption technology can be used to minimise the loss of information and the resulting impact on the organisation.