P8: Data backup as a CSF domain

[GuillaumeRoss]

The v1 paper talks about data traversal through a company. We need to decide which domain ‘backup’ will be part of.

[merkletrie]

The domain (i.e. function) seems to me to be part of Recover as it currently is. Having the backup and ensuring it has not been compromised (which is where offline backups come into place) can still be an Objective with associated practices.

[stods21]

I am happy to leave things as is for V1. If we want to break out into a sub-group on resilience processes post-RSA then that's do-able. Thanks, @merkletrie