Instructor for this course

Recovery from a cybersecurity incident is a critical aspect of today’s business plan. Due to the number and level of cyber threats, organizations are best to assume some type of incident “will” occur rather than assuming it “will not occur”.

The recover function is the final step in the National Institute of Standards and Technology (NIST) Cybersecurity framework. NIST defines an event as any observable occurrence in a system or network.  An incident is defined as a violation of acceptable policies, or security policies and best practices.  A cyber event is a specific cybersecurity incident or set of related cybersecurity incidents that result in the successful compromise of one or more information systems. 

Capabilities in the Recover function have a significant effect by providing realistic data for improving other capabilities.The Cybersecurity Strategy and Implementation Plan (CSIP) defines recover as:

  • The development/ implementation of plan/ processes/procedures for recovery and full restoration, in a timely manner, of capabilities or services that are impaired due to a cyber event.

Recovery according to NIST involves adequate recovery planning, improvement implementation and communication.  This session explores each of these components along with various elements which will assist the organization in planning for an effective recovery.

Learning Objectives

  • Explore the purpose and objectives of the Recovery phase in a cyber risk assessment.
  • Identify elements required for recovery planning.
  • Explore Recovery planning development of procedures.
  • Identify processes to initiate Recovery planning procedures.
  • Explore the strategic component of the Recovery process.
  • Identify the root cause of incidents.
  • Explore improvement methods for the Recovery phase.
  • Explore communication methods for the Recovery phase.
Last updated/reviewed: June 26, 2021

Included In Certifications

This course is included in the following Certification Programs:

13 CoursesCorporate Cyber Security Certification

  1. Cyber Threat – The Modern-Day Fraud: Breaches and Actions
  2. A Primer on Cyber Security Programs and Roles
  3. Cyber Risk Frameworks And Concepts
  4. Cyber Risk Framework - Identify Assets
  5. Cyber Risk Framework - Prioritize Assets
  6. Cyber Risk Framework - Protect Assets
  7. Cyber Risk Framework - Detect Part One
  8. Cyber Risk Framework - Detect Threats Part Two
  9. Cyber Risk Framework - Respond
  10. Cyber Risk Framework - Recover
  11. Cyber Risk Framework - Utilizing The Tier Approach
  12. Fraud and Personal Identity Theft
  13. Fraud and Business Identity Theft

11 Reviews (32 ratings)Reviews

Member's Profile
The course moved quickly and didn't go as in-depth with specific parts of recovery as I was expecting. The presentation was good and I would choose another video with this presenter.
Anonymous Author
An important aspect that companies forget to look at because cyber attacks are seldomly experienced by them. Great refresher on how to react to cyber attacks
Anonymous Author
This was a great course - providing insight on an often overlooked part of the cyber risk assessment process or any process.
Anonymous Author
This course is very informative and comprehensive. Great for those who are IT security and also for Internal auditors
Anonymous Author
Understanding the elements of recovery is important. This course helps defines the categories of recovery
Anonymous Author
This course was very informative and relevant. Most courses only focus on preventing cyber attacks.
Anonymous Author
I now understand the importance of recovery planning and continuous improvement..
Anonymous Author
I find the incorrect grammar to be especially distracting during these courses.
Anonymous Author
A good course covering the last section of the NIST Framework - Recover.
Anonymous Author
Cyber Risk Framework - Recover excellent course highly recommend
Anonymous Author
thanks lynn very good course hi from igors from lithuania


Course Complexity: Intermediate

No Advanced Preparation or Prerequisites are needed for this course. However, it is recommended to take the other courses in the series prior to completing this one.

Education Provider Information

Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to .
Course Syllabus
  7:02Introduction to Cyber Risk Assessment – Recover from Incidents
  8:41Recovery Objectives
  11:44Recovery Planning
  9:04Recovery Planning Procedure Development
  2:31Initiation of Procedures
  6:03Strategic Recovery & Root Cause
  6:03Improvements and Validating
  5:45Improving Recovery Capabilities
  1:10:30Cyber Risk Assessment – Recover from Incidents
  PDFSlides: Cyber Risk Assessment – Recover from Incidents
  PDFCyber Risk Assessment – Recover from Incidents Glossary/Index