CIS Control 11: Data Recovery | The State of Security – tripwire.com

Data loss can result from a variety of causes, from malicious ransomware to hardware failures and even natural disasters. Regardless of the reason for data loss, we need to be able to restore our data. A <a href="https://www.cisecurity.org/controls/data-recovery/" target="_blank" rel="noreferrer noopener">data recovery plan</a> begins with prioritizing our data, protecting it while it is being stored, and having a plan to recover it.<br>Availability of data is part of the cybersecurity triad: Confidentiality, Integrity, and Availability. We should be able to recover data in the event of data loss, but we should also be able to recover when data integrity has been lost, which may be the case after a security breach with unknown impacts on the system.<br><strong>Description: </strong>Establish and maintain a data recovery process. In the process, address the scope of data recovery activities, recovery prioritization, and the security of backup data. Review and update documentation annually or when significant enterprise changes occur that could impact this Safeguard.<br><strong>Notes:</strong> Document your plan, including what is being backed up, how it is protected, and how it will be recovered.<br><strong>Description: </strong>Perform automated backups of in-scope enterprise assets. Run backups weekly, or more frequently, based on the sensitivity of the data.<br><strong>Note: </strong>Classifying your data can help you determine how often it needs to be backed up.<br><strong>Description: </strong>Protect recovery data with equivalent controls to the original data. 
Reference encryption or data separation based on requirements.<br><strong>Notes:</strong> See Control 3: Data Protection, and treat your backups as you would the original data.<br><strong>Description: </strong>Establish and maintain an isolated instance of recovery data. Example implementations include version controlling backup destinations through offline, <a href="https://www.tripwire.com/solutions/maintain-control-in-the-cloud/">cloud</a>, and/or off-site systems or services.<br><strong>Notes:</strong> Offline backups are very important for situations like ransomware and other malicious software, and offsite backups are important for disaster recovery. An “offline” backup is one that is not accessible via a network connection.<br><strong>Description:</strong> Test backup recovery quarterly, or more frequently, for a sampling of in-scope enterprise assets.<br><strong>Notes:</strong> The importance of this often-overlooked part of a data recovery plan cannot be overstated. Having quality software and hardware for data recovery is all for naught if you do not have the skills and experience to use them. Backups for mission-critical infrastructure should be tested on a regular basis. This isn’t just to verify the integrity of the backups. 
It also ensures that staff have the know-how and experience to restore in a timely manner.<br>See how simple and effective <a href="https://www.tripwire.com/products/tripwire-file-integrity-monitoring/" target="_blank" rel="noreferrer noopener">security controls</a> can create a framework that helps you protect your organization and data from known cyber-attack vectors by <a href="https://www.tripwire.com/misc/executives-guide-top-20-critical-security-controls-register/" target="_blank" rel="noreferrer noopener">downloading this guide here</a>.<br><a href="https://www.tripwire.com/state-of-security/controls/cis-control-1/" target="_blank" rel="noreferrer noopener">CIS Control 1: Inventory and Control of Enterprise Assets</a><br><a href="https://www.tripwire.com/state-of-security/controls/cis-control-2/" target="_blank" rel="noreferrer noopener">CIS Control 2: Inventory and Control of Software Assets</a><br><a href="https://www.tripwire.com/state-of-security/controls/cis-control-3/" target="_blank" rel="noreferrer noopener">CIS Control 3: Data Protection</a><br><a href="https://www.tripwire.com/state-of-security/controls/cis-control-4/" target="_blank" rel="noreferrer noopener">CIS Control 4: Secure Configuration of Enterprise Assets and Software</a><br><a href="https://www.tripwire.com/state-of-security/controls/cis-control-05/" target="_blank" rel="noreferrer noopener">CIS Control 5: Account Management</a><br><a href="https://www.tripwire.com/state-of-security/controls/cis-control-06/" target="_blank" rel="noreferrer noopener">CIS Control 6: Access Control Management</a><br><a href="https://www.tripwire.com/state-of-security/controls/cis-control-07/" target="_blank" rel="noreferrer noopener">CIS Control 7: Continuous Vulnerability Management</a><br><a href="https://www.tripwire.com/state-of-security/controls/cis-control-08/" target="_blank" rel="noreferrer noopener">CIS Control 8: Audit Log Management</a><br><a href="https://www.tripwire.com/state-of-security/controls/cis-control-09/" target="_blank" rel="noreferrer noopener">CIS Control 9: Email and Web Browser Protections</a><br><a href="https://www.tripwire.com/state-of-security/controls/cis-control-10/" target="_blank" rel="noreferrer noopener">CIS Control 10: Malware Defenses</a><br>CIS Control 11: Data Recovery<br><a href="https://www.tripwire.com/state-of-security/controls/cis-control-12/" target="_blank" rel="noreferrer noopener">CIS Control 12: Network Infrastructure Management</a><br><a href="https://www.tripwire.com/state-of-security/controls/cis-control-13/" target="_blank" rel="noreferrer noopener">CIS Control 13: Network Monitoring and Defense</a><br><a href="https://www.tripwire.com/state-of-security/controls/cis-control-14/" target="_blank" rel="noreferrer noopener">CIS Control 14: Security Awareness and Skill Training</a><br><br><a href="https://www.tripwire.com/state-of-security/controls/cis-control-11/">source</a>
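An added example, not part of the original article or of the CIS text: one way to script the restore test described above, assuming backups are tar archives and a SHA-256 manifest is recorded at backup time and stored apart from the archive. The function names, the sample files, and the 7-day threshold taken from the "weekly" wording are assumptions made for illustration.

```python
import hashlib, tarfile, tempfile, time
from pathlib import Path

MAX_BACKUP_AGE_DAYS = 7  # assumption drawn from "weekly, or more frequently"

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()  # stream large files in practice

def build_manifest(root):
    """Map relative path -> SHA-256, taken at backup time and stored apart from the archive."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def restore_and_verify(archive, manifest, now=None):
    """Restore into a scratch directory and compare with the backup-time manifest."""
    age_days = ((now or time.time()) - Path(archive).stat().st_mtime) / 86400
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive) as tar:
            # The "data" filter refuses absolute paths, ".." and device nodes.
            kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
            tar.extractall(scratch, **kwargs)
        restored = build_manifest(scratch)
    missing = sorted(set(manifest) - set(restored))
    mismatched = sorted(k for k in manifest if k in restored and restored[k] != manifest[k])
    stale = age_days > MAX_BACKUP_AGE_DAYS
    return {"stale": stale, "missing": missing, "mismatched": mismatched,
            "ok": not (stale or missing or mismatched)}

def demo(workdir):
    """Constructed sample: a faithful archive, a damaged one, and an overdue one."""
    src = Path(workdir, "src")
    (src / "db").mkdir(parents=True)
    (src / "db" / "orders.sql").write_text("INSERT INTO orders VALUES (1);\n")
    (src / "app.conf").write_text("mode=prod\n")
    manifest = build_manifest(src)
    good, bad = Path(workdir, "good.tar.gz"), Path(workdir, "bad.tar.gz")
    with tarfile.open(good, "w:gz") as tar:
        tar.add(src, arcname=".")
    (src / "app.conf").write_text("")       # file truncated before the next run
    (src / "db" / "orders.sql").unlink()    # file silently skipped
    with tarfile.open(bad, "w:gz") as tar:
        tar.add(src, arcname=".")
    return (restore_and_verify(good, manifest), restore_and_verify(bad, manifest),
            restore_and_verify(good, manifest, now=time.time() + 8 * 86400))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(*demo(d), sep="\n")
```

A scripted check like this covers integrity and freshness only; the staff practice the article calls for still requires hands-on restores.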