Cyber Risk Framework – Recover

Recovery from a cybersecurity incident is a critical aspect of today’s business plan. Due to the number and level of cyber threats, organizations are best to assume some type of incident “will” occur rather than assuming it “will not occur”.

The recover function is the final step in the National Institute of Standards and Technology (NIST) Cybersecurity framework. NIST defines an event as any observable occurrence in a system or network.  An incident is defined as a violation of acceptable policies, or security policies and best practices.  A cyber event is a specific cybersecurity incident or set of related cybersecurity incidents that result in the successful compromise of one or more information systems. 

Capabilities in the Recover function have a significant effect by providing realistic data for improving other capabilities.The Cybersecurity Strategy and Implementation Plan (CSIP) defines recover as:

• The development/ implementation of plan/ processes/procedures for recovery and full restoration, in a timely manner, of capabilities or services that are impaired due to a cyber event.

Recovery according to NIST involves adequate recovery planning, improvement implementation and communication.  This session explores each of these components along with various elements which will assist the organization in planning for an effective recovery.

Training for all programs related to cyber security by this trainer are utilizing the framework of the National Institute of Standards and Technology (NIST) as a model. This information is freely available in the public domain. For more detailed information on the framework please refer to NIST.org.