CIS Control 11: Data Recovery

4 years ago John Wenning

Data loss can result from a variety of causes, from malicious ransomware to hardware failures and even natural disasters. Regardless of the reason for data loss, we need to be able to restore our data. A data recovery plan begins with prioritizing our data, protecting it while it is being stored, and having a plan to recover it.

Key Takeaways for Control 11

  1. Prioritize your data and come up with a data recovery plan.
  2. Protect your backed up data. (See Control 3: Data Protection.)
  3. Practice and test restoring your data.
  4. Restore your data after any compromise.

Availability of data is part of the cybersecurity triad: Confidentiality, Integrity, and Availability. We should be able to recover data in the event of data loss, but we should also be able to recover when data integrity has been lost, which may be the case after a security breach with unknown impacts on the system.

Safeguards for Control 11

1. Establish and Maintain a Data Recovery Process

Description: Establish and maintain a data recovery process. In the process, address the scope of data recovery activities, recovery prioritization, and the security of backup data. Review and update documentation annually or when significant enterprise changes occur that could impact this Safeguard.

Notes: Document your plan, including what is being backed up, how it is protected, and how it will be recovered.

2. Perform Automated Backups

Description: Perform automated backups of in-scope enterprise assets. Run backups weekly, or more frequently, based on the sensitivity of the data.

Note: Classifying your data can help you determine how often it needs to be backed up.

3. Protect Recovery Data

Description: Protect recovery data with equivalent controls to the original data. Reference encryption or data separation based on requirements.

Notes: See Control 3: Data Protection, and treat your backups like you would the original data.

4. Establish and Maintain an Isolated Instance of Recovery Data

Description: Establish and maintain an isolated instance of recovery data. Example implementations include version controlling backup destinations through offline, cloud, and/or off-site systems or services.

Notes: Offline backups are very important for situations like ransomware and other malicious software, and offsite backups are important for disaster recovery. “Offline” backups mean the backup is not accessible via a network connection.

5. Test Data Recovery

Description: Test backup recovery quarterly, or more frequently, for a sampling of in-scope enterprise assets.

Notes: The importance of this often-overlooked part of a Data Recovery plan cannot be overstated. Having quality software and hardware for Data Recovery is all for naught if you do not have the skills and experience to use them. Backups for mission-critical infrastructure should be tested on a regular basis. This isn’t just to verify the integrity of the backups. It also ensures that staff have the know-how and experience to restore in a timely manner.
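A restore test of the kind described above can be automated. The sketch below is an added example, not part of the original article: it restores a backup into a scratch directory and compares every file against SHA-256 hashes recorded at backup time. It assumes backups are `.tar.gz` archives and that the manifest is stored separately from the backup; the function names and sample files are hypothetical.

```python
import hashlib, io, os, tarfile, tempfile

def hash_tree(root):
    """Map each file path (relative to root) to its SHA-256, read in chunks."""
    out = {}
    for d, _dirs, files in os.walk(root):
        for name in files:
            full, h = os.path.join(d, name), hashlib.sha256()
            with open(full, "rb") as f:
                for chunk in iter(lambda: f.read(1 << 16), b""):
                    h.update(chunk)
            out[os.path.relpath(full, root).replace(os.sep, "/")] = h.hexdigest()
    return out

def restore_drill(archive_path, manifest):
    """Restore to a scratch dir and compare each file with the backup-time manifest."""
    # Use tarfile's "data" extraction filter where this Python version provides it.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive_path) as tar:
            tar.extractall(scratch, **kwargs)
        restored = hash_tree(scratch)
    report = {"ok": [], "missing": [], "corrupt": []}
    for path, digest in sorted(manifest.items()):
        state = "missing" if path not in restored else "ok" if restored[path] == digest else "corrupt"
        report[state].append(path)
    report["passed"] = not (report["missing"] or report["corrupt"])
    return report

def make_archive(path, files):
    """Write constructed sample data (name -> bytes) as a .tar.gz and return its path."""
    with tarfile.open(path, "w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return path

def demo():
    # Constructed sample; "damaged" has one file silently altered and one never captured.
    source = {"db/customers.csv": b"id,name\n1,Ada\n", "etc/app.conf": b"mode=prod\n",
              "docs/plan.txt": b"recovery plan v1\n"}
    manifest = {n: hashlib.sha256(d).hexdigest() for n, d in source.items()}
    damaged = {"db/customers.csv": source["db/customers.csv"], "etc/app.conf": b"mode=pr\x00d\n"}
    with tempfile.TemporaryDirectory() as store:
        good = make_archive(os.path.join(store, "good.tar.gz"), source)
        bad = make_archive(os.path.join(store, "bad.tar.gz"), damaged)
        return restore_drill(good, manifest), restore_drill(bad, manifest)

if __name__ == "__main__":
    print(demo())
```

A drill that reports `passed` as false on a backup that "completed successfully" is exactly the case the quarterly test exists to catch; it does not replace having staff walk through a full restore.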

See how simple and effective security controls can create a framework that helps you protect your organization and data from known cyber-attack vectors by downloading this guide here.

Read more about the 18 CIS Controls here:

CIS Control 1: Inventory and Control of Enterprise Assets

CIS Control 2: Inventory and Control of Software Assets

CIS Control 3: Data Protection

CIS Control 4: Secure Configuration of Enterprise Assets and Software

CIS Control 5: Account Management

CIS Control 6: Access Control Management

CIS Control 7: Continuous Vulnerability Management

CIS Control 08: Audit Log Management

CIS Control 09: Email and Web Browser Protections

CIS Control 10: Malware Defenses

CIS Control 11: Data Recovery

The post “CIS Control 11: Data Recovery” appeared first on TripWire.

Source: TripWire – John Wenning
