The IT Law Wiki


Recovery is

[t]he activities after an incident or event to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term.[1]
the development, coordination, and execution of service- and site-restoration plans for affected communities and the reconstitution of government operations and services through individual, private sector, nongovernmental, and public assistance programs that identify needs and define resources; provide housing and promote restoration; address long-term care and treatment of affected persons; implement additional measures for community restoration; incorporate mitigation measures and techniques, as feasible; evaluate the incident to identify lessons learned; and develop initiatives to mitigate the effects of future incidents.[2]
[t]hose capabilities necessary to assist communities affected by an incident to recover effectively, including, but not limited to, rebuilding infrastructure systems; providing adequate interim and long-term housing for survivors; restoring health, social, and community services; promoting economic development; and restoring natural and cultural resources.[3]


"In recovery, administrators restore systems to normal operation, confirm that the systems are functioning normally, and remediate vulnerabilities to prevent similar incidents. Recovery may involve such actions as restoring systems from clean backups, rebuilding systems from scratch, replacing compromised files with clean versions, installing patches, changing passwords and tightening network perimeter security. Higher levels of system logging or network monitoring are often part of the recovery process. Once a resource is successfully attacked, it is often attacked again, or other resources within the organization are attacked in a similar manner."[4]


  1. NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).
  2. National Infrastructure Protection Plan, at 111.
  3. ICS-CERT, Common Cyber Security Language (full-text).
  4. Report on Cybersecurity Practices, at 24.

See also[]