Resources for Ransomware Risk Management

Ransomware is a persistent risk to organizations of all sizes and sectors, and addressing this risk requires collaboration across the public and private sectors to develop practical resources for organizations to reduce their ransomware risks.

Speakers from the National Institute of Standards and Technology (NIST), the Center for Internet Security (CIS), and the Institute for Security and Technology (IST) will provide an overview of available ransomware risk management resources that help organizations get started with ransomware risk management by establishing foundational safeguards and building from there. Two resources that will be featured include: 

• NIST Ransomware Risk Management CSF 2.0 Community Profile—published as an Initial Public Draft on January 13, 2025, reflects changes made to the Cybersecurity Framework (CSF) from CSF 1.1 to CSF 2.0 which identifies security objectives that support managing, detecting, responding to, and recovering from ransomware events. The publication can be used to gauge an organization’s readiness to counter ransomware threats, mitigate potential consequences of a ransomware event, and to develop a ransomware countermeasure playbook.
• The IST and the Ransomware Task Force Blueprint for Ransomware Defense—which provides small to medium-sized enterprises (SMEs) with an actionable framework to defend against the most common attacks. It is comprised of a subset of Implementation Group 1 (IG1) Safeguards from the CIS Critical Security Controls (CIS Controls) v8 and aligned with NIST’s Cybersecurity Framework 2.0, to help SMEs understand where they can get started with establishing a ransomware risk management strategy.

Speakers will provide an overview of the resources above, including how they were developed collaboratively, and will also discuss current and future efforts to address ransomware risk management.  Ample time will be saved audience questions, ideas, and discussion.