Recovery from a cybersecurity incident is a critical aspect of today’s business plan. Due to the number and level of cyber threats, organizations are best to assume some type of incident “will” occur rather than assuming it “will not occur”.
The recover function is the final step in the National Institute of Standards and Technology (NIST) Cybersecurity framework. NIST defines an event as any observable occurrence in a system or network. An incident is defined as a violation of acceptable policies, or security policies and best practices. A cyber event is a specific cybersecurity incident or set of related cybersecurity incidents that result in the successful compromise of one or more information systems.
Capabilities in the Recover function have a significant effect by providing realistic data for improving other capabilities.The Cybersecurity Strategy and Implementation Plan (CSIP) defines recover as:
- The development/ implementation of plan/ processes/procedures for recovery and full restoration, in a timely manner, of capabilities or services that are impaired due to a cyber event.
Recovery according to NIST involves adequate recovery planning, improvement implementation and communication. This session explores each of these components along with various elements which will assist the organization in planning for an effective recovery.
Training for all programs related to cyber security by this trainer are utilizing the framework of the National Institute of Standards and Technology (NIST) as a model. This information is freely available in the public domain. For more detailed information on the framework please refer to NIST.org.
Prerequisites
No Advanced Preparation or Prerequisites are needed for this course. However, it is recommended to take the other courses in the series prior to completing this one.
Learning Objective
- Explore the purpose and objectives of the Recovery phase in a cyber risk assessment.
- Identify elements required for recovery planning.
- Explore Recovery planning development of procedures.
- Identify processes to initiate Recovery planning procedures.
- Explore the strategic component of the Recovery process.
- Identify the root cause of incidents.
- Explore improvement methods for the Recovery phase.
- Explore communication methods for the Recovery phase.
Last updated/reviewed: July 7, 2025
(0) Reviews
(65 rating)Lesson Questions and Answers0 Questions
INRODUCTION AND OVERVIEW
- Introduction to Cyber Risk Assessment – Recover from Incidents 7:03
- Recovery Objectives 8:41
- Recovery Planning 11:44
- Recovery Planning Procedure Development 9:05
- Initiation of Procedures 2:31
- Strategic Recovery & Root Cause 6:03
- Improvements and Validating 6:04
- Improving Recovery Capabilities 5:46
- Communications 7:07
- Summary 6:31
CONTINUOUS PLAY
SUPPORTING MATERIALS
- Slides: Cyber Risk Assessment – Recover from Incidents PDF
- Cyber Risk Assessment – Recover from Incidents Glossary/Index PDF
REVIEW AND TEST
- REVIEW QUESTIONS quiz
- FINAL EXAM exam
Ask the instructor a question about this lesson