Incident recovery
Last updated
Returning the organization back to normal
Service restoration
Validation and testing
Certification of proper operations
Damage assessment
Needed to restore computer images to a clean state
Verify accessibility of backup images
Consulting the DR/BCP plans for recovery time targets (e.g., MTTR, RPO) may be useful
Restored systems will need to be checked to verify that any infections are eradicated
If there are new malware signatures, scan images as well
Sometimes the first round of effort to eradicate fails
Devices might get missed the first time
Check whether the root-cause vulnerabilities still exist
Sometimes specific open ports are signs of infection
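As an added example (not part of these notes), a small Python check that applies the validation and certification steps above to a restored host: it confirms the restored image matches the hash recorded for the backup, compares listening ports against an approved baseline, and refuses to certify the host if a fresh signature scan still hits. The manifest, image bytes and host observations are constructed sample data.

```python
import hashlib

# Constructed sample manifest recorded when the backup image was taken
# (not from the original notes): the known-good image hash and the ports
# this host is approved to listen on.
BACKUP_MANIFEST = {
    "image": "web01-golden.img",
    "sha256": hashlib.sha256(b"golden image bytes").hexdigest(),  # constructed
    "approved_ports": {22, 80, 443},
}


def image_hash_matches(image_bytes, manifest):
    """Verify the restored image is the intact known-good backup, not an
    altered or wrong image."""
    return hashlib.sha256(image_bytes).hexdigest() == manifest["sha256"]


def unexpected_ports(listening, manifest):
    """Return listening ports on the restored host that the baseline does not
    approve; an unexplained listener is a sign the eradication may have failed."""
    return set(listening) - set(manifest["approved_ports"])


def certify_restore(image_bytes, listening, scan_findings, manifest):
    """Combine the checks into a certification result for one restored host.

    scan_findings: signature names hit by a fresh AV/YARA scan (empty if clean).
    Returns a dict with 'certified' (bool) and the list of problems found.
    """
    problems = []
    if not image_hash_matches(image_bytes, manifest):
        problems.append("image hash mismatch: backup image altered or wrong image")
    extra = unexpected_ports(listening, manifest)
    if extra:
        problems.append("unapproved listening ports: %s" % sorted(extra))
    if scan_findings:
        problems.append("malware signatures still present: %s" % sorted(scan_findings))
    return {"certified": not problems, "problems": problems}


if __name__ == "__main__":
    # Constructed observation from a restored host that still has an
    # unexpected listener on port 4444 and a signature hit.
    result = certify_restore(b"golden image bytes", {22, 80, 4444},
                             {"Trojan.Generic"}, BACKUP_MANIFEST)
    print(result)
```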