Data recovery has multiple requirements not addressed in DRC001:
Timely: It is important to be able to recover systems/data in a timely manner. The NYDFS Cybersecurity Regulation requires that Business Continuity and Disaster Recovery (BCDR) plans include "procedures for the maintenance of back-up facilities, systems and infrastructure as well as alternative staffing and other resources to enable the timely recovery of critical data and information systems and to resume operations as soon as reasonably possible following a cybersecurity-related disruption to normal business activities." Cyberinsurers have been reported to have paid the ransom in situations where the victim organization had backups but the time and cost of recovery would exceed the ransom amount.
Precise: It is only necessary to restore what was impacted by an incident. Rather than having an all-or-nothing restoration process, organizations need technical solutions that can restore specific data, files, or systems precisely. An organization that lacks precision restoration capabilities will waste resources restoring data, files, and systems unnecessarily. The ability to ascertain specifically what was impacted by an incident relates back to scope assessment.
Reliable (pre-recovery): It is essential to be able to verify the integrity of a data source that is being used to restore normal operations. If the cybersecurity incident began before the data source was preserved, then it could already have been compromised, rendering it untrustworthy for recovery purposes.
Reliable (post-recovery): It is important to be able to validate that recovery operations completed successfully, restoring data, files, or systems to their correct state.
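The precise and reliable requirements above can be illustrated with a hash manifest. This is an added example, not part of the original page: the function names (`manifest`, `recover`, `demo`), the use of SHA-256 and the sample files are assumptions chosen for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def recover(backup, live, trusted):
    """Restore only the files in live that differ from the trusted manifest."""
    # Assumption: trusted was recorded at backup time and kept out of the incident's reach.
    backup, live = Path(backup), Path(live)
    # Pre-recovery: refuse a backup that no longer matches the trusted manifest.
    if manifest(backup) != trusted:
        raise ValueError("backup does not match trusted manifest")
    # Precise: only files that are missing or altered in live are restored.
    current = manifest(live)
    impacted = sorted(k for k, v in trusted.items() if current.get(k) != v)
    for rel in impacted:
        (live / rel).parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(backup / rel, live / rel)
    # Post-recovery: re-hash and list anything still not in its correct state.
    after = manifest(live)
    failed = sorted(k for k, v in trusted.items() if after.get(k) != v)
    return impacted, failed

def demo():
    """Constructed sample: one file garbled, one deleted, one untouched."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for d in (backup, live):
            (d / "db").mkdir(parents=True)
            (d / "db/ledger.csv").write_text("id,amount\n1,100\n")
            (d / "report.txt").write_text("Q3 summary\n")
            (d / "notes.txt").write_text("untouched\n")
        trusted = manifest(backup)  # recorded while the backup is known good
        (live / "db/ledger.csv").write_bytes(b"\x8f\x02garbled")  # simulated damage
        (live / "report.txt").unlink()
        impacted, failed = recover(backup, live, trusted)
        (backup / "notes.txt").write_text("changed after backup\n")  # backup altered later
        try:
            recover(backup, live, trusted)
            rejected = False
        except ValueError:
            rejected = True
        return impacted, failed, rejected
```

Calling `demo()` returns the files that were restored, the files that failed post-recovery validation, and whether the altered backup was rejected.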