ITM Tech Cybersecurity Essentials Booklet - Flipbook - Page 30
CONTROL 11 - Data Recovery

Safeguards Total: 5
IG1: 4/5
IG2: 5/5
IG3: 5/5

Establish and maintain data recovery practices sufficient to restore in-scope enterprise assets to a pre-incident and trusted state.

Why Is This CIS Control Critical?

In the cybersecurity triad of Confidentiality, Integrity, and Availability (CIA), the availability of data is, in some cases, more critical than its confidentiality. Enterprises need many types of data to make business decisions, and when that data is not available or is untrusted, it could impact the enterprise. An easy example is weather information to a transportation enterprise.

When attackers compromise assets, they make changes to configurations, add accounts, and often add software or scripts. These changes are not always easy to identify, as attackers might have corrupted or replaced trusted applications with malicious versions, or the changes might appear to be standard-looking account names. Configuration changes can include adding or changing registry entries, opening ports, turning off security services, deleting logs, or other malicious actions that make a system insecure. These actions do not have to be malicious; human error can cause each of these as well. Therefore, it is important to have recent backups or mirrors available to recover enterprise assets and data back to a known trusted state.

THE SAFEGUARDS

11.1 Establish and Maintain a Data Recovery Process
Asset Type: Data
Security Function: Recover

11.2 Perform Automated Backups
Asset Type: Data
Security Function: Recover

11.3 Protect Recovery Data
Asset Type: Data
Security Function: Protect

11.4 Establish and Maintain an Isolated Instance of Recovery Data
Asset Type: Data
Security Function: Recover

11.5 Test Data Recovery
Asset Type: Data
Security Function: Recover
Did You Know?
75% of small business owners don’t have a Disaster Recovery plan in place. A basic Disaster
Recovery plan can start off small and grow over time. Something is better than nothing. We
can help you build a Disaster Recovery plan so you are ready for when something happens.
Key to the safeguards table columns:
1 = Asset Type
2 = Security Function
3 = Implementation Group 1
4 = Implementation Group 2
5 = Implementation Group 3