Recovery refers to phase four (4) in CyberHoot’s view of Cybersecurity Incident Handling. In this phase, incident handlers proceed with activities that seek to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term.
Phase 1 is Identification of an incident in progress through confirmation activities.
Phase 2 is Containment: containing the incident.
Phase 3 is Eradication: Eliminating the infection, malware, or hackers from your environment.
Phase 5 is Revision: once the dust clears from an incident, you should always go back to identify opportunities for improvement. These are revisions to your security program.
Related Terms: Incident Response, Identification, Containment, Eradication, Revision