Respond Recover: Difference between revisions
Jump to navigation
Jump to search
(Created page with "Response and Recovery ==R&R Topic 1==") |
No edit summary |
||
| Line 1: | Line 1: | ||
Response and Recovery | Response and Recovery | ||
== | Response and recovery is a fundamental cyber security domain. The objective of response and recovery is to classify the severity, manage and mitigate the impact of an incident. It also includes limiting the impact and restoring normal operations as quickly as possible. Response and recovery included several preparatory steps to ensure well-coordinated actions across multiple stakeholders. | ||
‘’’Key response and recovery topics’’’ include: | |||
*Incident Response Program | |||
*Incident Classification | |||
*Incident Response Playbooks | |||
*Excercises and Training | |||
*Disaster Recovery Plans (System) | |||
*Backup and Recovery (Asset) | |||
*Security Operations and Incident Classification | |||
==Incident Response Program== | |||
Incident Response Program enables timely and effective business restoration via coordinated, strategic, and pre-planned processes. OT Response and Recovery require unique considerations to prioritize availability among the traditional Confidentiality, Integrity, and Availability (CIA) triad and to accommodate limited resources in hardware, software, and expertise | |||
'''Current incident response program practices and recommendations''' include: | |||
*Organizations document their overarching OT Cyber Security Incident Response in an incident response plan, which provides information, guidance, and structure to support response and recovery activities. | |||
**In North America, NERC CIP-003 and CIP-008 address incident reporting and response requirements, which help shape the incident response plan. | |||
*The Cyber Security Incident Response Team (CSIRT) is the core group of multidisciplinary resources responsible for quickly and efficiently returning impacted cyber systems to normal operations. The CSIRT involves multiple internal players across OT, IT, operation, facility, legal, HR, compliance, and communications. The team coordinates with external partners such as OEM vendors, law enforcement, and information-sharing forums. | |||
**It is the best practice to document the roles and responsibilities of all potential stakeholders in the incident response plan. | |||
*Various policies, plans, and procedures serve different purposes and often interact together to create an effective response and recovery program. Establishing clear definitions and purposes, handover points, and relationships is crucial for a smooth transition between response and recovery phases and collaborating teams. | |||
*Ensure the plan's users and stakeholders can easily access necessary policies, procedures, contact information, and other documents when needed. Offline copies at applicable sites are advisable in case of communication loss. | |||
Revision as of 13:44, 30 October 2024
Response and Recovery
Response and recovery is a fundamental cyber security domain. The objective of response and recovery is to classify the severity, manage and mitigate the impact of an incident. It also includes limiting the impact and restoring normal operations as quickly as possible. Response and recovery included several preparatory steps to ensure well-coordinated actions across multiple stakeholders.
‘’’Key response and recovery topics’’’ include:
- Incident Response Program
- Incident Classification
- Incident Response Playbooks
- Excercises and Training
- Disaster Recovery Plans (System)
- Backup and Recovery (Asset)
- Security Operations and Incident Classification
Incident Response Program
Incident Response Program enables timely and effective business restoration via coordinated, strategic, and pre-planned processes. OT Response and Recovery require unique considerations to prioritize availability among the traditional Confidentiality, Integrity, and Availability (CIA) triad and to accommodate limited resources in hardware, software, and expertise
Current incident response program practices and recommendations include:
- Organizations document their overarching OT Cyber Security Incident Response in an incident response plan, which provides information, guidance, and structure to support response and recovery activities.
- In North America, NERC CIP-003 and CIP-008 address incident reporting and response requirements, which help shape the incident response plan.
- The Cyber Security Incident Response Team (CSIRT) is the core group of multidisciplinary resources responsible for quickly and efficiently returning impacted cyber systems to normal operations. The CSIRT involves multiple internal players across OT, IT, operation, facility, legal, HR, compliance, and communications. The team coordinates with external partners such as OEM vendors, law enforcement, and information-sharing forums.
- It is the best practice to document the roles and responsibilities of all potential stakeholders in the incident response plan.
- Various policies, plans, and procedures serve different purposes and often interact together to create an effective response and recovery program. Establishing clear definitions and purposes, handover points, and relationships is crucial for a smooth transition between response and recovery phases and collaborating teams.
- Ensure the plan's users and stakeholders can easily access necessary policies, procedures, contact information, and other documents when needed. Offline copies at applicable sites are advisable in case of communication loss.