Corporate Information Security Policies Targeting Ransomw are Attack

The ransomware attacks have created challenges for the entire world today and industries are getting affected from such sophisticated attacks, whether they are healthcare, educational, financials or any other service sectors, they are not safe from these malware attack. In these types of attacks, user data is encrypted or inaccessible to the victim, the hacker then demands money from the victim to give them access to their data after payment is done. This study guides how to mitigate ransomware attacks by adopting corporate information security policies in the organization with timely complete compliance. Ransomware is often designed to spread across networks and target information asset of organization, in healthcare Electronic Medical Record, HIMS, Database Server, File Servers, Application Server, Web Server, Domain Controllers and all associated & connected devices including IOT device, SCADA (Supervisory Control and Data Acquisition), once they are targeted the entire organization operations can be halted and paralyzed. Ransomware frequently changes its techniques to exploit the vulnerability, this research is based on technical & administrative controls, security standards, procedures, guidelines, best practices by following security frameworks i.e. (ISO 27001, HIPPA, and NIST) and the objective is to mitigate the attacks.