eoghanscasey
commented
1 year ago Separate incident response from recovery. Business continuity and resiliency planning are typically treated separately from response. The NIST Cybersecurity Framework treats Response and Recovery separately, and the updates planned in version 2.0 have strengthened Recovery. The updated NYDFS NYCRR 500 Cybersecurity regulation emphasizes BCDR, the EU Digital Operational Resilience Act addresses both response and recovery.
https://docs.google.com/document/d/1fsbTVs_h6ZPDKJIVnupOPBX0LTJqkVDx3RbZPz0UIAQ/edit