ABSTRACT

Recovery can begin as soon as the first compromised account, backdoor, communication channel, or compromised system or component is identified. This chapter focuses on the recovery of technology systems, because many of the tools and techniques exist, in practice, only in that space. A key part of ensuring effective service restoration is documenting the steps required to build a new instance of the service. Service or component rebuilds are commonplace during a recovery effort and will likely be necessary if a destructive attack takes place. There are two main metrics to keep in mind when designing a backup strategy: Recovery Time Objective (RTO) and Recovery Point Objective (RPO). RTO essentially governs how much information is backed up at a given time. A traditional backup strategy makes a copy of a system, component, or its information and stores it until it is needed.