richardk/iso27diy-corp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Vault restructure

Browse source
This commit is contained in:
Richard Kranendonk 2026-04-23 11:51:51 +02:00
parent d45797d121
commit ff77508bd1
1433 changed files with 415450 additions and 1201 deletions
Download patch file Download diff file Expand all files Collapse all files

10
Corpus/Standards/SANS/SANS Incident Response step 5 Recovery.md Normal file
View file

@ -0,0 +1,10 @@
### Step 5: Recovery
The goal of recovery is to bring all systems back to full operation, after verifying they are clean and the threat is removed.
The SANS recovery procedure involves:
- **Defining time and date to restore operations**—system owners should make the final decision on when to restore services, based on information from the CSIRT.
- **Test and verifying**—ensuring systems are clean and fully functional as they go live.
- **Monitoring**—ongoing monitoring for some time after the incident to observe operations and check for abnormal behaviors.
- **Do everything to prevent another incident**—considering what can be done on the restored systems to protect them from recurrence of the same incident.