Hello and welcome to the session in which we will keep working with the core functions of the US cybersecurity framework that was developed by the National Institute of Standards and Technology. Specifically, of the five core functions, today we're going to be finishing with the recover function, which is the last function. In the prior session we looked at the identify function, which is identifying your asset; protecting your asset, the protect function; detecting any intrusion; and how to respond. In this session we will look at the recovery function.

Once again, we have five core functions, 23 categories (we're covering today the last three categories), 108 subcategories and many references. So this is what we did already: identify is done, protect is done, detect is done and respond is done.

Today we're going to be focusing on recover, and from the name, recover, the purpose of this function is to do what? It is to restore your capabilities after you experience a cybersecurity incident. Now you need to recover. Well, you need to recover your capabilities and services, of course, and you need to minimize the impact on the business operation, to reduce the risk of future incidents, and you have to go back and rebuild your brand. So after you experience a cybersecurity incident, you're not only going to have losses in terms of monetary losses. What's also important is how do you handle this incident, how do you handle it from a public relations perspective, from a communication perspective, because that's going to affect your brand.

Before we proceed any further, I have a public announcement about my company, farhatlectures.com.
Farhat Accounting Lectures is a supplemental educational tool that's going to help you with your CPA exam preparation as well as your accounting courses. My CPA material is aligned with your CPA review course, such as Becker, Roger, Wiley, Gleim, Miles. My accounting courses are aligned with your accounting courses, broken down by chapter and topics. My resources consist of lectures, multiple choice questions, true/false questions as well as exercises. Go ahead, start your free trial today. No obligation, no credit card required.

So under the recover function we're going to have three categories: recovery planning, improvement and communication. We saw improvement and communication in a prior session, but this is basically overall improvement and communication.

The first category is the recovery planning category. This focuses on developing and implementing plans to recover from a cybersecurity incident. So you have to have, down in writing, a well documented, up-to-date recovery plan and what needs to be done. So this category emphasizes the importance of having a well documented and up-to-date recovery plan in place to help the organization recover from the cybersecurity incident effectively and efficiently. Because what's going to happen is certain services might be out of service. How are you going to recover those? How are you going to minimize the impact across all the systems? How are you going to manage your public relations, your brand? So do you have a plan on how to recover this? What if someone called from the media? Do you have a person, a specialized person, who can respond? Or how are you going to handle social media comments on Twitter, on LinkedIn, on Facebook, so on and so forth? Do you have a plan for that?

Two is improvement. Well, from the name, improvement, you're going to incorporate, you're going to add lessons learned from past incidents and this incident to do what? If something doesn't kill you, it makes you stronger. To identify
opportunities to strengthen the organization's recovery capabilities. Well, what does that mean? Well, you have to update your recovery plan based on lessons learned, because the key of improvement is: learn from the past to improve the future. So the organization should analyze previous incidents, learn from them and update the recovery plan accordingly to improve the responses in future incidents. So what did you do? Okay, we had a cybersecurity incident. How are you going to take advantage of it? How do I take advantage of it? I'm going to learn, make my system stronger, learn from past events, learn from my mistakes, learn from my vulnerabilities and update my recovery plan.

Also, the subcategory called "recovery strategies are improved": the subcategory focuses on enhancing recovery strategies by evaluating the effectiveness of existing approaches and identifying areas of improvement. Again, what strategy am I utilizing? What can I do? What did I learn from this lesson to improve my strategy?

Last but not least is the communication category. Simply put, communication focuses on coordinating with internal and external stakeholders, especially external stakeholders, during and after the cybersecurity incident to do what? To provide timely and correct information. Now, do you have a person, do you know who's responsible for this job? Well, you might have a public relations department. Okay, the organization should have a plan for managing public relations after a cybersecurity incident. What should they do? Provide accurate and timely information to customers, partners, stakeholders. Do you have this department? If not, do you identify a person, rather than trying to find a person in the midst of the cybersecurity attack?

Reputation, that's important. How do you manage your reputation after an incident? Because that's going to be the worst thing that's going to happen to the company: the impact on their brand. So this subcategory emphasizes the importance of managing the reputation by
addressing concerns, because people are people; they're going to fear doing business with you if someone can steal their information. How are you going to rebuild trust and demonstrate commitment to prevent future incidents? So what are you going to tell them? Okay, this happened, take responsibility, but we learned from it and in the future this should not happen again. How are you handling this?

Also, recovery activities are communicated. What are you doing to put your website back online, your server back online? Clear communication of recovery activities ensures that all parties involved are aware, your suppliers are aware that your system is working again, are aware of the steps being taken to restore normal operation and maintain transparency.

So this is basically what we did. We went over the five core functions. The next thing I'm going to have to go over is the four tiers and the profile. So it's very important to understand the big picture of the cybersecurity framework. We covered a major part of it, the five core functions. Next we're going to discuss what is the profile and what are the four tiers, and this way we'll have an overall idea about the US cybersecurity framework that's developed by the National Institute of Standards and Technology, abbreviated as NIST.

What should you do now? Go to Farhat Lectures, look at additional MCQs, because this is how they're going to be testing you about this topic, so you can hide, you can answer the questions and do good. Pass your exam, your certification, do well in your course. Good luck, study hard and of course stay safe.