The processes and tools used to properly back up critical information with a proven methodology for timely recovery of it.
Why is this CIS Control critical?
When attackers compromise machines, they often make significant changes to configurations and software. Sometimes attackers also make subtle alterations of data stored on compromised machines, potentially jeopardizing organizational effectiveness with polluted information. When the attackers are discovered, it can be extremely difficult for organizations without a trustworthy data recovery capability to remove all aspects of the attacker’s presence on the machine.
- Ensure that each system is automatically backed up on at least a weekly basis, and more often for systems storing sensitive information. To help ensure the ability to rapidly restore a system from backup, the operating system, application software, and data on a machine should each be included in the overall backup procedure. These three components of a system do not have to be included in the same backup file or use the same backup software. There should be multiple backups over time, so that in the event of malware infection, restoration can be from a version that is believed to predate the original infection. All backup policies should be compliant with any regulatory or official requirements.
- Test data on backup media on a regular basis by performing a data restoration process to ensure that the backup is properly working.
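
An added example (not part of the CIS text) that applies both sub-controls to a backup catalog: it flags systems whose operating system, application or data backup is missing or older than seven days, and picks the newest restore-tested backup that predates a suspected infection time. The catalog layout, system names, timestamps and function names are constructed for illustration.

```python
from datetime import datetime, timedelta

COMPONENTS = {"os", "application", "data"}  # the three parts named in the control
MAX_AGE = timedelta(days=7)                 # "at least a weekly basis"
NOW = datetime(2024, 5, 20, 12)             # constructed "current time" for the sample

# Constructed catalog rows: (system, component, completion time, restore test passed)
CATALOG = [
    ("web01", "os",          datetime(2024, 5, 5, 2),  True),
    ("web01", "os",          datetime(2024, 5, 19, 2), True),
    ("web01", "application", datetime(2024, 5, 19, 2), True),
    ("web01", "data",        datetime(2024, 5, 5, 2),  True),
    ("web01", "data",        datetime(2024, 5, 12, 2), True),
    ("web01", "data",        datetime(2024, 5, 19, 2), False),  # never restore-tested
    ("db01",  "os",          datetime(2024, 5, 18, 2), True),
    ("db01",  "data",        datetime(2024, 5, 10, 2), True),   # older than a week
]

def coverage_gaps(catalog, now):
    """Return {system: [components missing or with no backup within MAX_AGE]}."""
    newest = {}
    for system, comp, taken, _tested in catalog:
        key = (system, comp)
        newest[key] = max(newest.get(key, taken), taken)
    gaps = {}
    for system in {row[0] for row in catalog}:
        stale = sorted(c for c in COMPONENTS
                       if now - newest.get((system, c), datetime.min) > MAX_AGE)
        if stale:
            gaps[system] = stale
    return gaps

def restore_point(catalog, system, component, suspected_infection):
    """Newest restore-tested backup completed before the suspected infection, or None."""
    candidates = [taken for s, c, taken, tested in catalog
                  if s == system and c == component
                  and tested and taken < suspected_infection]
    return max(candidates, default=None)

if __name__ == "__main__":
    print("coverage gaps:", coverage_gaps(CATALOG, NOW))
    print("web01 data restore point:",
          restore_point(CATALOG, "web01", "data", datetime(2024, 5, 15)))
```

A `None` from `restore_point` means retention does not reach back past the suspected infection, or no backup in that window has passed a restore test.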