NAS2002 Recover Tasks List

#Winter24/NAS2002/recover

based on NIST Cybersecurity Framework 2.0

Incident Recovery Plan (IRP)

1. initiate and execute recovery plan as defined in the IRP
2. determine the scope and prioritise recovery based on impact analysis
3. ensure integrity of backups and other restoration assets before use
4. establish post incident operational norms by considering critical mission functions
5. apply criteria to determine end of recovery and complete documentation
6. inform internal and external stakeholders about recovery activities and progress
in restoring operations

tools - backup solutions - Veeam, Acronis, PM software, impact analysis tools,

risk management platforms, documentation tools and checklists

Additional Tasks
1. evaluate effectiveness of the recovery process
2. restore all critical business functions affected by the incident
3. perform thorough testing of restored systems
4. update IRP based on lessons learned from the incident
5. implement measures to enhance resilience and reduce vulnerabilities in the future
6. provide targeted training and awareness programmes
7. continuously monitor post recovery operations to detect anomalies that may
indicate unresolved issues or new threats
8. strengthen communication channels with stakeholders to improve trust and
transparency for future IRP efforts

tools - SIEM and CRM software, infrastructure hardening guides, monitoring

solutions, resilience assessment tools, PR management software