Views:
FRAMEWORKS AND STANDARDS

CIS Critical Controls 11 Explained

An overview of CIS control 11, its purpose, and how to implement the control.

Published Date: October 28, 2024

Product Line: CIS Controls

Audience: Executives, Security Administrators

Get your copy of the CIS Controls V8.1 here.

Data Recovery

Data recovery is the process of restoring any compromised or lost data, validating the CIA Triad, as described below, is continuously applied to all information residing in an organization. Secure data recovery methods support business operations through continuity and resilience and assure information is protected against cyber threats.

The CIA Triad (Confidentiality, Integrity, Availability)

The CIA Triad describes crucial components to consider when looking into protecting an organization’s data.

  • Confidentiality: ensure sensitive information is not accessed by unauthorized individuals.
  • Integrity: validate data and other configurations are not modified.
  • Availability: ensure data and other services are always up and running, accessible to employees or consumers.

Backups

Maintaining backups or even snapshots of virtual machines to recover enterprise assets is a crucial aspect of data recovery. As ransomware attacks continue to rise, basic data restoration cannot bypass encryption methods used by attackers. Moreover, when assets are compromised, attackers can make configuration changes which are not always easy to detect. Noting these risks, organizations can utilize backups to return compromised systems and data to a state of normality, before an attack takes place.

Data Recovery Techniques

Data Recovery techniques include a variety of methods to upkeep the confidentiality, integrity, and availability of compromised or lost data/systems.

  1. Establish and Maintain a Data Recovery Process: determine scope, data recovery prioritization, and how to secure backups. Update this documentation annually or more frequently if necessary. 
  2. Secure Storage of Backups: Encrypt backups and use access controls to protect data from unauthorized access. Securing backup environments ensures data integrity and confidentiality are maintained.
  3. Perform Backups: create backups for assets within the scope of your data recovery process. Run backups weekly to ensure the most frequent information is kept secure (or more frequently depending on the data).
  4. Protect Recovery Data: ensure encryption and data separation are implemented on recovery data stored in backups. 
  5. Establish and Maintain an Isolated Instance of Recovery Data: this can include version control on backups through cloud or off-site systems. 
    • Store recovery data in a separate location.
  6. Test Data Recovery: test recovery using backups quarterly for assets within the data recovery process scope. 
    • This ensures, in case of an incident, that an organization can get back data as expected with little to no complications.

Extra Tips

  • Automate Backups: frequent backups can be done automatically to prevent human error. 
  • Data Recovery Plans for Different Scenarios: formulate recovery procedures that are adaptive and can handle a variety of incidents and attacks. Thoroughly thought-out processes for a variety of attacks help organizations tailor their response and target each threat properly in the event of an attack. 
  • Data Integrity Checks: validate data has not been modified. These checks help detect any issues early, preventing corrupted data from reentering the system during recovery. 
  • Comprehensive Data Recovery Testing: organizations can carry out full recovery tests to assess how successful current data recovery processes are. Simulating real events can expose flaws in recovery plans that cannot occur during a real incident.
Keywords: Control 11