CIS Controls v8 Overview- Control 11

James Temples
Oct 28, 2021

Control 11: Data Recovery: Establish and maintain data recovery practices sufficient to restore in-scope enterprise assets to a pre-incident and trusted state.

Why is this Control Important?

In the cybersecurity triad of Confidentiality, Integrity, and Availability (CIA), the integrity and availability of data can be more critical than its confidentiality in some situations. Organizations need data to make business decisions, and that data must be both available and trusted. When attackers compromise assets, they often change configurations, add accounts, or introduce malware that is not easy to identify. Non-malicious human error can cause the same kinds of problems. Recent backups or mirrors of an organization's assets and data are therefore required.

As covered before, the exponential increase in ransomware over the last few years has caught many organizations unprepared. If an organization’s data is encrypted by an attacker, a recent backup may make the difference in an organization's ability to continue providing goods or services to its customers. Leveraging the guidance within the CIS Controls helps reduce the risk of ransomware as attackers usually use older or basic exploits on insecure systems.

And its Safeguards?

This Control has five (5) Safeguards which include establishing and maintaining a data recovery process, performing automated backups, protecting recovery data, establishing and maintaining an isolated instance of recovery data, and testing data recovery.

How is this Control implemented?

Data recovery procedures should be defined in the data management process described in CIS Control 3: Data Protection and include backup procedures and methodologies (e.g., full or incremental) based on data value, sensitivity, or retention requirements. In addition, backups should be restored and validated on a regular schedule, such as quarterly, or whenever a significant change in technology is introduced. Multiple backup versions should be retained so that recovery from malware can use a version that predates the infection.
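The three practices above (versioned backups, integrity checks on restore, and choosing a version that predates an infection) can be exercised in a small script. This is an added illustration, not code from the post or from CIS; the directory layout, the version naming (compact ISO-8601 timestamps, which sort lexically) and the SHA-256 manifest are assumptions of the example.

```python
import hashlib
import json
import shutil
from pathlib import Path
from typing import Optional


def _sha256(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def create_backup(source: Path, backup_root: Path, version: str) -> Path:
    """Full backup of `source` into backup_root/<version>/data, plus a hash manifest.

    The manifest is what later makes a restore *validated* rather than merely copied.
    """
    dest = backup_root / version
    shutil.copytree(source, dest / "data")
    manifest = {str(p.relative_to(source)): _sha256(p)
                for p in sorted(source.rglob("*")) if p.is_file()}
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=1))
    return dest


def restore_and_validate(backup_root: Path, version: str, target: Path) -> bool:
    """Restore one version into `target` and confirm every file matches its manifest hash.

    Returns False if any file is missing or altered (e.g. a tampered or corrupted backup).
    """
    src = backup_root / version
    manifest = json.loads((src / "manifest.json").read_text())
    shutil.copytree(src / "data", target, dirs_exist_ok=True)
    return all((target / rel).is_file() and _sha256(target / rel) == digest
               for rel, digest in manifest.items())


def latest_version_before(backup_root: Path, infected_at: str) -> Optional[str]:
    """Newest retained version whose timestamp predates the (assumed) infection time."""
    versions = sorted(p.name for p in backup_root.iterdir() if p.is_dir())
    clean = [v for v in versions if v < infected_at]
    return clean[-1] if clean else None
```

Run `restore_and_validate` on the schedule the post recommends (for example quarterly); a False result means the backup cannot be trusted and the recovery process itself needs attention, not just the data.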

Key Reminder(s)

In the next post, we will look at Control 12: Network Infrastructure Management. If you enjoyed this post, please Like and Share!

Contact Temples Consulting (a CIS SecureSuite Partner) to schedule a no-cost consultation for Data Protection solutions using the latest CIS Benchmarks.

#cybersecurity #security #infosec #informationsecurity #riskmanagement #ciscontrols #cissecuresuite #safeguards #ciscontrolsv8 #templesconsultinggroup #security #clarity #delivery #riskassessment #riskremediation #risk2remediation #software #cyber #governance #GRC #implementations #dataprotection #datasecurity #phishing #vishing #smishing

James Temples

Cybersecurity, Implementation, Continuity and Compliance Professional & Entrepreneur, CISSP