Incident recovery
What is recovery?
Returning the organization to normal operations
Service restoration
Validation and testing
Certification of proper operations
Damage assessment
Service restoration
Restore affected systems from known-good images to a clean state
Verify that the backup images are accessible and intact (e.g., hashes match the backup manifest) before relying on them
Consult the DR/BCP plan for its recovery targets (e.g., RTO, RPO, MTTR); they bound how long restoration may take and how much data loss is acceptable
Validation and testing
Check restored systems to verify that the infection has actually been eradicated
If new malware signatures have been released since the initial scans, rescan the restored systems and the backup images with them
The first round of eradication sometimes fails and has to be repeated
Devices can be missed the first time, so reconcile the list of rebuilt and rescanned hosts against the full incident scope
Certification of proper operations
Check whether the root-cause vulnerabilities still exist; a restored system that still carries the original weakness can simply be compromised again
Unexpected open ports can be a sign of lingering infection (e.g., a backdoor listener), so compare listening ports against a known-good baseline for the host's role
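The three checks above (backup image integrity, reconciling the incident scope against what was rebuilt and rescanned, and comparing listening ports to a baseline) can be scripted so they run the same way on every rebuild. The following is an added example, not code from the original notes or from any incident response toolkit; the host names, image names, port baselines and signature version strings are constructed for illustration, and the assumption that signature versions are ISO dates (so plain string comparison orders them) is this example's, not the page's.

```python
"""Recovery verification checks (added example; all data below is constructed)."""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_backup_images(manifest: dict[str, str], image_dir: Path) -> dict[str, str]:
    """Service restoration: every image in the manifest must be present and unmodified.
    Returns {image_name: 'ok' | 'missing' | 'hash mismatch'}."""
    results = {}
    for name, expected in manifest.items():
        path = image_dir / name
        if not path.is_file():
            results[name] = "missing"
        elif sha256_file(path) != expected:
            results[name] = "hash mismatch"
        else:
            results[name] = "ok"
    return results


def reconcile_scope(in_scope: set[str], rebuilt: set[str],
                    scan_results: dict[str, tuple[str, str]], required_sigs: str) -> dict[str, list[str]]:
    """Validation and testing: each in-scope host must be rebuilt AND scanned clean with
    signatures at least as new as required_sigs. scan_results maps host -> (sig_version, verdict).
    Assumption: sig_version strings are ISO dates, so '<' compares them chronologically."""
    report = {"not_rebuilt": [], "not_scanned": [], "stale_signatures": [], "still_infected": []}
    for host in sorted(in_scope):
        if host not in rebuilt:
            report["not_rebuilt"].append(host)       # missed during the first eradication round
        elif host not in scan_results:
            report["not_scanned"].append(host)       # rebuilt but never verified
        else:
            sig_version, verdict = scan_results[host]
            if verdict != "clean":
                report["still_infected"].append(host)    # eradication failed, rebuild again
            elif sig_version < required_sigs:
                report["stale_signatures"].append(host)  # clean, but with old signatures: rescan
    return report


def unexpected_listeners(observed: dict[str, tuple[str, set[int]]],
                         baseline: dict[str, set[int]]) -> dict[str, list[int]]:
    """Certification: listening ports that are not in the baseline for the host's role.
    observed maps host -> (role, set of listening ports)."""
    extra = {}
    for host, (role, ports) in observed.items():
        unexpected = ports - baseline.get(role, set())
        if unexpected:
            extra[host] = sorted(unexpected)
    return extra


# --- constructed sample data (assumptions, not a real environment) ---
IN_SCOPE = {"web01", "web02", "db01", "app01", "app02"}
REBUILT = {"web01", "web02", "db01", "app01"}
SCAN_RESULTS = {
    "web01": ("2024-05-03", "clean"),
    "web02": ("2024-04-20", "clean"),     # scanned before the newer signatures shipped
    "db01": ("2024-05-03", "infected"),   # first eradication attempt failed
}
REQUIRED_SIGS = "2024-05-01"
BASELINE = {"web": {22, 80, 443}, "db": {22, 5432}}
OBSERVED = {
    "web01": ("web", {22, 80, 443}),
    "web02": ("web", {22, 80, 443, 4444}),   # 4444 is not part of the web role baseline
    "db01": ("db", {22, 5432}),
}


def demo_backup_check() -> dict[str, str]:
    """Write constructed image files to a temp dir and verify them against a manifest."""
    with tempfile.TemporaryDirectory() as d:
        image_dir = Path(d)
        (image_dir / "web01.img").write_bytes(b"constructed clean image")
        (image_dir / "db01.img").write_bytes(b"tampered image contents")
        manifest = {
            "web01.img": hashlib.sha256(b"constructed clean image").hexdigest(),
            "db01.img": hashlib.sha256(b"constructed golden db image").hexdigest(),
            "app01.img": hashlib.sha256(b"never copied to this store").hexdigest(),
        }
        return verify_backup_images(manifest, image_dir)


if __name__ == "__main__":
    print("backup images:", demo_backup_check())
    print("scope report:", reconcile_scope(IN_SCOPE, REBUILT, SCAN_RESULTS, REQUIRED_SIGS))
    print("unexpected listeners:", unexpected_listeners(OBSERVED, BASELINE))
```

Any non-empty entry in the scope report or the listener report means the recovery cannot yet be certified: a host that was never rebuilt, one scanned only with pre-incident signatures, or one still showing an unexplained listener goes back to eradication rather than into production.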