RC.RP-03.350
Does your organization verify restoration assets for integrity issues and indicators of compromise before using them in recovery operations?
Explanation
This question assesses whether your organization performs integrity checks on backup data, system images, or other restoration assets before using them to recover from incidents. These checks should include scanning for malware, verifying file integrity through checksums or hashes, and confirming the absence of unauthorized modifications that could reintroduce compromises into restored systems. Evidence could include documented restoration procedures that specify integrity verification steps, logs from integrity verification tools showing pre-restoration checks, or screenshots of security scanning results performed on restoration assets prior to deployment.
Implementation Example
Check restoration assets for indicators of compromise, file corruption, and other integrity issues before use
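The hash-verification part of this check can be sketched as follows. This is an added example, not part of the framework text: the JSON manifest format, the HMAC key and all file names are assumptions, and the sample restore set is constructed. It compares a restore set against a manifest sealed at backup time and reports modified, missing and unexpected files; malware scanning is a separate step not shown here.

```python
import hashlib, hmac, json, os, tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def verify_restore_set(root, manifest_bytes, manifest_mac, key):
    """Return (ok, findings); findings is a list of (status, relative_path)."""
    # Authenticate the manifest first: a hash list an intruder could rewrite proves nothing.
    tag = hmac.new(key, manifest_bytes, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, manifest_mac):
        return False, [("MANIFEST_TAMPERED", "")]
    manifest = json.loads(manifest_bytes)
    on_disk = set()
    for dirpath, _, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            on_disk.add(rel.replace(os.sep, "/"))
    findings = []
    for rel, digest in sorted(manifest.items()):
        if rel not in on_disk:
            findings.append(("MISSING", rel))
        elif sha256_file(os.path.join(root, rel)) != digest:
            findings.append(("MODIFIED", rel))
    # Files absent from the manifest were added after the backup was recorded.
    findings += [("UNEXPECTED", rel) for rel in sorted(on_disk - set(manifest))]
    return not findings, findings

def demo():
    """Constructed sample: a three-file restore set, altered after the manifest is sealed."""
    key = b"constructed-demo-key"  # assumption: key is held outside the backup system
    with tempfile.TemporaryDirectory() as root:
        files = {"etc/app.conf": b"port=8443\n", "bin/app": b"\x7fELF-demo", "data/db.dump": b"rows"}
        for rel, body in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(body)
        manifest = json.dumps({r: hashlib.sha256(b).hexdigest() for r, b in files.items()}).encode()
        mac = hmac.new(key, manifest, hashlib.sha256).hexdigest()
        clean = verify_restore_set(root, manifest, mac, key)
        with open(os.path.join(root, "bin/app"), "ab") as f:  # unauthorized modification
            f.write(b"patched")
        os.remove(os.path.join(root, "data/db.dump"))
        with open(os.path.join(root, "etc/cron.sh"), "wb") as f:  # file not in the manifest
            f.write(b"#!/bin/sh\n")
        return clean, verify_restore_set(root, manifest, mac, key)
```

The findings list returned by `verify_restore_set` can be written to a log before each restoration, which gives the kind of pre-restoration evidence the explanation describes.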
ID: RC.RP-03.350
Context
- Function
  - RC: RECOVER
- Category
  - RC.RP: Incident Recovery Plan Execution
- Sub-Category
  - The integrity of backups and other restoration assets is verified before using them for restoration

