Cleanup and verification

There will be processes, tools and other things put into place for IR

They will all need to be removed and cleaned up

Host-based tools

Sometimes these tools can be disruptive

Must be removed to completely return to normal operations

• This may need revisiting in recovery

Network changes

• Span port changes

• Routing changes

• Network monitoring changes

  • All these need to be undone

Some systems may have been shut down

Restart systems that were shut down

Consider impact of bringing these systems back up

Consider the order in which systems are brought back up