Data loss can result from many causes, from ransomware to hardware failure to natural disaster. Whatever the cause, we need to be able to restore our data. A data recovery plan begins with prioritizing our data, protecting backups while they are stored, and documenting how the data will be recovered.

Key Takeaways for Control 11

  1. Prioritize your data and write a data recovery plan.
  2. Protect your backed-up data. (See Control 3: Data Protection.)
  3. Practice and test restoring your data.
  4. Restore your data after any compromise.

Availability is one leg of the security triad of Confidentiality, Integrity, and Availability. We need to be able to recover data after it is lost, but also after its integrity has been compromised, as may be the case after a breach whose full impact on the system is unknown. That second case is why backups taken before the compromise must still exist when recovery starts: a backup made after the intrusion may carry the attacker's changes with it.

Safeguards for Control 11

1. Establish and Maintain a Data Recovery Process

Description: Establish and maintain a data recovery process. In the process, address the scope of data recovery activities, recovery prioritization, and the security of backup data. Review and update documentation annually or when significant enterprise changes occur that could impact this Safeguard.

Notes: Document a plan that states what is being backed up, how the backups are protected, and how the data will be recovered.

2. Perform Automated Backups

Description: Perform automated backups of in-scope enterprise assets. Run backups weekly, or more frequently, based on the sensitivity of the data.

Note: Classifying your data can help you determine how often it needs to be backed up.

3. Protect Recovery Data

Description: Protect recovery data with equivalent controls to the original data. Reference encryption or data separation based on requirements.

Notes: See Control 3: Data Protection.
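The three safeguards above (automated backups, protected recovery data, and the key takeaway of practising restores) worked through as an added example. This is illustration code, not code from this page or from CIS Control 11. It assumes a local filesystem backup written with Python's standard library only; the HMAC key is assumed to be stored somewhere separate from the backup location (data separation), and encryption at rest is left to the storage layer rather than shown here. The file names and manifest format are made up for the example.

```python
"""Added example: automated backup with a keyed integrity check and a test restore.

Not code from the page or from CIS. The .manifest/.hmac file naming and the
key handling are assumptions for illustration.
"""
import hashlib
import hmac
import os
import tarfile
import tempfile
import time
from pathlib import Path


def _file_digests(root):
    """Map each regular file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def create_backup(source_dir, backup_dir, mac_key):
    """Archive source_dir into backup_dir and record what a restore must reproduce.

    Writes three files: the .tar.gz, a .manifest of per-file SHA-256 digests, and
    an .hmac tag over the archive. The tag only protects the backup if mac_key is
    kept where an attacker who reaches backup_dir cannot also reach it (data
    separation). The archive itself gets owner-only permissions.
    """
    backup_dir = Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    stamp = time.strftime("%Y%m%dT%H%M%SZ", time.gmtime())
    archive = backup_dir / f"backup-{stamp}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(str(source_dir), arcname=".")
    os.chmod(archive, 0o600)
    digests = _file_digests(source_dir)
    manifest = archive.with_name(archive.name + ".manifest")
    manifest.write_text("".join(f"{h}  {p}\n" for p, h in sorted(digests.items())))
    tag = hmac.new(mac_key, archive.read_bytes(), hashlib.sha256).hexdigest()
    archive.with_name(archive.name + ".hmac").write_text(tag + "\n")
    return archive


def verify_archive(archive, mac_key):
    """Recompute the HMAC over the stored archive and compare in constant time."""
    archive = Path(archive)
    stored = archive.with_name(archive.name + ".hmac").read_text().strip()
    current = hmac.new(mac_key, archive.read_bytes(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(stored, current)


def _read_manifest(archive):
    """Parse the two-space-separated 'digest  path' lines written by create_backup."""
    archive = Path(archive)
    lines = archive.with_name(archive.name + ".manifest").read_text().splitlines()
    return {ln.split("  ", 1)[1]: ln.split("  ", 1)[0] for ln in lines if ln}


def rehearse_restore(archive, mac_key):
    """Restore into a scratch directory and check every file against the manifest.

    Returns (ok, problems). Refuses to extract an archive whose MAC does not
    match, so a tampered backup is reported instead of silently restored.
    """
    if not verify_archive(archive, mac_key):
        return False, ["archive HMAC mismatch: backup altered or wrong key"]
    expected = _read_manifest(archive)
    with tempfile.TemporaryDirectory() as scratch:
        with tarfile.open(archive, "r:gz") as tar:
            # The 'data' filter (Python 3.12+, backported to 3.8.17+) rejects
            # path traversal and other unsafe members; older interpreters lack it.
            if hasattr(tarfile, "data_filter"):
                tar.extractall(scratch, filter="data")
            else:
                tar.extractall(scratch)
        restored = _file_digests(scratch)
    problems = []
    for path, digest in expected.items():
        if path not in restored:
            problems.append(f"missing after restore: {path}")
        elif restored[path] != digest:
            problems.append(f"content mismatch after restore: {path}")
    for path in restored.keys() - expected.keys():
        problems.append(f"unexpected file in restore: {path}")
    return not problems, problems


if __name__ == "__main__":
    # Hypothetical paths for a stand-alone run; the key would come from a
    # separately protected store, not from the backup host.
    key = os.urandom(32)
    src = Path(tempfile.mkdtemp()); (src / "hello.txt").write_text("constructed sample\n")
    arc = create_backup(src, tempfile.mkdtemp(), key)
    print(arc, rehearse_restore(arc, key))
```

The restore rehearsal is the part most teams skip: it is what turns "we have backups" into "we can recover". Run it on a schedule against the newest archive, and treat a MAC failure as an incident rather than a retry, since it means the stored backup no longer matches what was written.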