Page 409 - ITGC_Audit Guides
Function: Recover
Risk Area: Recovery Planning
Control Objective: Recovery processes and procedures are executed and maintained to ensure timely restoration of
systems or assets affected by cybersecurity events.
| Control Activities | Assessment |
| --- | --- |
| Recovery plan is executed during or after an event. | |
Risk Area: Improvements
Control Objective: Recovery planning and processes are improved by incorporating lessons learned into future activities.
| Control Activities | Assessment |
| --- | --- |
| Recovery plans incorporate lessons learned. | |
| Recovery strategies are updated. | |
Risk Area: Communications
Control Objective: Restoration activities are coordinated with internal and external parties, such as coordinating
centers, internet service providers, owners of attacking systems, victims, other computer security incident response
teams, and vendors.
| Control Activities | Assessment |
| --- | --- |
| Public relations are managed. | |
| Reputation after an event is repaired. | |
| Recovery activities are communicated to internal stakeholders and executive management teams. | |
Reprinted courtesy of the National Institute of Standards and Technology, U.S. Department of Commerce.
Not copyrightable in the United States.
www.theiia.org Auditing Insider Threat Programs 41