Recovery from a cybersecurity incident is a critical aspect of today’s business plan. Given the number and level of cyber threats, organizations are best served by assuming that some type of incident will occur rather than assuming it will not.

The Recover function is the final step in the National Institute of Standards and Technology (NIST) Cybersecurity Framework. NIST defines an event as any observable occurrence in a system or network. An incident is defined as a violation of acceptable policies, or security policies and best practices. A cyber event is a specific cybersecurity incident or set of related cybersecurity incidents that result in the successful compromise of one or more information systems.

Capabilities in the Recover function have a significant effect by providing realistic data for improving other capabilities. The Cybersecurity Strategy and Implementation Plan (CSIP) defines recover as:

  • The development/implementation of plan/processes/procedures for recovery and full restoration, in a timely manner, of capabilities or services that are impaired due to a cyber event.

Recovery, according to NIST, involves adequate recovery planning, improvement implementation and communication. This session explores each of these components, along with various elements that will assist the organization in planning for an effective recovery.

Training by this trainer for all programs related to cyber security uses the framework of the National Institute of Standards and Technology (NIST) as a model. This information is freely available in the public domain. For more detailed information on the framework please refer to

Learning Objectives
  • Explore the purpose and objectives of the Recovery phase in a cyber risk assessment.
  • Identify elements required for recovery planning.
  • Explore the development of Recovery planning procedures.
  • Identify processes to initiate Recovery planning procedures.
  • Explore the strategic component of the Recovery process.
  • Identify the root cause of incidents.
  • Explore improvement methods for the Recovery phase.
  • Explore communication methods for the Recovery phase.
Last updated/reviewed: August 28, 2023

Included In Certifications

This course is included in the following Certification Programs:

Corporate Cyber Security Certification (13 Courses)

  1. Cyber Threat – The Modern-Day Fraud: Breaches and Actions
  2. A Primer on Cyber Security Programs and Roles
  3. Cyber Risk Frameworks And Concepts
  4. Cyber Risk Framework - Identify Assets
  5. Cyber Risk Framework - Prioritize Assets
  6. Cyber Risk Framework - Protect Assets
  7. Cyber Risk Framework - Detect Part One
  8. Cyber Risk Framework - Detect Threats Part Two
  9. Cyber Risk Framework - Respond
  10. Cyber Risk Framework - Recover
  11. Cyber Risk Framework - Utilizing The Tier Approach
  12. Fraud and Personal Identity Theft
  13. Fraud and Business Identity Theft
14 Reviews (63 ratings)


Member's Profile
The course moved quickly and didn't go as in-depth with specific parts of recovery as I was expecting. The presentation was good and I would choose another video with this presenter.

Anonymous Author
An important aspect that companies forget to look at because cyber attacks are seldom experienced by them. Great refresher on how to react to cyber attacks.

Anonymous Author
This is a refresher course on the NIST (recovery). Nothing surprised me. This training will be beneficial to performance auditors.

Anonymous Author
This was a great course - providing insight on an often overlooked part of the cyber risk assessment process or any process.

Anonymous Author
This course is very informative and comprehensive. Great for those who are in IT security and also for internal auditors.

Anonymous Author
Understanding the elements of recovery is important. This course helps define the categories of recovery.

Anonymous Author
NIST can be intimidating. This series is a good breakdown of the components to make it understandable.

Anonymous Author
This course was very informative and relevant. Most courses only focus on preventing cyber attacks.

Anonymous Author
This course helps me to understand the Cyber Risk Framework, especially the Recover stage.

Anonymous Author
I now understand the importance of recovery planning and continuous improvement.

Anonymous Author
I find the incorrect grammar to be especially distracting during these courses.

Anonymous Author
A good course covering the last section of the NIST Framework - Recover.

Anonymous Author
Cyber Risk Framework - Recover excellent course highly recommend

Anonymous Author
Thanks Lynn, very good course. Hi from Igors from Lithuania.

Course Complexity: Intermediate

No advance preparation or prerequisites are needed for this course. However, it is recommended to take the other courses in the series prior to completing this one.

Education Provider Information
Company: Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
Contact: For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400-3993 or send an e-mail to .
Course Syllabus
  Introduction to Cyber Risk Assessment – Recover from Incidents (7:03)
  Recovery Objectives (8:41)
  Recovery Planning (11:44)
  Recovery Planning Procedure Development (9:05)
  Initiation of Procedures (2:31)
  Strategic Recovery & Root Cause (6:03)
  Improvements and Validating (6:04)
  Improving Recovery Capabilities (5:46)
  Cyber Risk Assessment – Recover from Incidents (1:10:35)
  Slides: Cyber Risk Assessment – Recover from Incidents (PDF)
  Cyber Risk Assessment – Recover from Incidents Glossary/Index (PDF)