Interior Page Icon

Data Recovery Strategies

Assuring Trustworthiness for Continued Performance

the big idea

When an organization has experienced a cyber-attack, it must reconstitute its data and applications, including security infrastructure such as identity and access mechanisms, in order to continue mission or business critical functions in a trustworthy manner. This requires procedures for verifying the integrity of the backups to be restored, prioritization of restoration, and practices for ensuring that the destructive malware is not restored with the rest of the data.

Cyber Resiliency Goals & Objectives

The Data Recovery Strategies support the Withstand and Recover goals and the Continue and Reconstitute objectives.

Design Principles

As the organization recovers from an incident the design principles for Data Recovery will ensure that critical data and applications are available, trustworthy, and restored in an appropriately prioritized order as determined by the Cyber COOP Planning. The following resiliency techniques provide support to these principles:

What Can Be Done Now

Adapt existing storage (e.g., backups and data centers) and verification mechanisms (e.g., anti- virus and monitoring technology) and define procedures to protect against adversary activities during the recovery process.

The Right People & Policies

Creating a foundation of resiliency requires specific skills and policies:

Cyber Attack Lifecycle

Using the cyber resiliency techniques, Adaptive Response, Redundancy, and Substantiated Integrity, as described above, defenders can impede and sometimes even preclude the adversary's efforts to maintain a presence in the enterprise and limit the damage the malware causes. The adversary's efforts to control initial victims, execute the attack plan and maintain a presence in the enterprise are limited by Adaptive Response. This technique reduces the time before data and applications are restored with clean copies. Using Substantiated Integrity with Redundancy, limits and impedes the adversary's abilities to:

Synergies & Barriers

Synergies among practices are based on Adaptive Response's use of both Substantiated Integrity and Redundancy. Substantiated Integrity provides capabilities such as behavior validation so that the redundant data and applications are validated before use.

Barriers to adoption include:

Just Ahead

Enterprise data recovery strategies should include Redundancy with Diversity, for example use different recovery mechanisms and software to mitigate the chance of malware attack. Enterprises should also, transition to the use of cryptographic checksums on data to help identify any efforts by malware to corrupt the data.

See Key Concepts and Terms for definitions

Previous Activity Back to Menu Next Activity