With the threat of ransomware growing, this “quick-start guide” will help organizations use the National Institute of Standards and Technology (NIST) Ransomware Risk Management: A Cybersecurity Framework Profile to combat ransomware.

Like the broader NIST Cybersecurity Framework, which is widely used voluntary guidance to help organizations better manage and reduce cybersecurity risk, the customized ransomware profile fosters communications and risk-based actions among internal and external stakeholders, including partners and suppliers. The Framework is organized by five key functions—identify, protect, detect, respond, and recover. These five terms provide a comprehensive way to view the lifecycle for managing cybersecurity risk.

The activities listed under each function offer a good starting point for any organization, including those with limited resources to address cybersecurity challenges. They help to set priorities so that an organization gets the greatest value out of its efforts to manage ransomware risks. Much depends on how sophisticated your current operations are in terms of cybersecurity risk management. While there are many other things that can and should be done to combat ransomware, it is important to recognize that you don’t need to do everything all at once.