9 hours 24 minutes
Everyone, welcome back to the course. So in the last video, we took a look at how CIS Control number nine, the limitation and control of network ports, protocols and services, mapped up to the NIST Cybersecurity Framework.
In this video, we're going to take a look at control number 10, which is the data recovery capabilities. So we'll take a look at control number 10 as well as the sub-controls associated with that.
Also, I want to mention in this module we do have a lab coming up. So be sure to download the step-by-step guide in the Resources section of this course.
So with control number 10 we're talking about data recovery capabilities. So one example of this is corrupt data. So an attacker comes in, they either make changes or they corrupt the data somehow, so we don't have good data integrity. So we don't know, maybe if we run a backup, if the actual data is legitimate or not, right? We're also seeing this with ransomware as well.
So when your files are locked up, how can you actually verify, even if you decrypted it, that the data has not been altered, right? You really can't. So that's what we're talking about: making sure we have some kind of data recovery capabilities in place to make sure that we can prove the integrity of that data and that this data is legit.
So one way to do that, and probably the most common way to do that, is ensuring regular automated backups. So we want to make sure that we're backing up the data, and based off your organization, this may be different things, right? If you're a group-of-one type of entity, you may just be backing up your data through, like, Dropbox or Google Drive or Box.com or OneDrive, or any number of various cloud storage things, right?
I would recommend, if you're only using one out there, go ahead and use a secondary one, just as a just-in-case type of thing, right? Even as a smaller organization, there is a chance that someone would target you for attack. In fact, we're seeing more of that, and so they may compromise, say, your Google account and get your Google Drive.
But if you've backed it up to, like, OneDrive or something, you've got an extra copy there for you. So just keep that in mind. You just want to make sure you've got regular automated backups, though.
So sub-control 10.2: performing complete system backups. So every so often, we want to make sure we're backing up everything. Now, based off your organization, you may have specific time frames, right? So some companies may do complete system backups all the time. Some may do differential backups, so only if a change has been made. Others may do it on a time schedule. So they may do, like, a partial backup from, say, 5 p.m. every day. And that's all they do.
So they just wait until 5 p.m. So let's say something happens in the morning. There's a ransomware attack. They only have the data from the previous evening at 5 p.m., when they backed it up, right? So there's various levels here, but you definitely also want to perform complete system backups.
Sub-control 10.3: test the data on your backup media. So just making sure you're testing the integrity of that data on the backup media on a regular basis. So you can do things like performing a data restoration process to ensure that the backup is actually working.
Now, this I would actually probably do in your test environment. Don't restore it back to, like, your production environment, but take those backups and restore them to a test environment. Make sure that it is actually grabbing the correct data in your backups.
So sub-control 10.4: we're talking about protecting those backups, right? So making sure that we've got physical security in place if we're doing those backups on site, or, if we're doing them in the cloud, making sure that we're encrypting that data at rest as well as in transit, right? So when we're sending that data to the cloud, we want to make sure it's encrypted. We also want to make sure when it's stored in the cloud that it is being stored encrypted as well.
And then, finally, sub-control 10.5: ensuring the backups have at least one offline backup destination. So just making sure, going back to it, we don't want to have a single backup location. We want to have multiple backups in place. So if one thing is compromised, then we can at least have something else, right? So ensuring that we've got at least one offline backup. So we capture a backup, maybe every so often, and we store that off our cloud storage. So we keep storing in the cloud, and we also store a copy locally as well.
We want to make sure that the local copy does not touch the backup connection. Also, we want to make sure it's segmented out from that.
So in this video, we talked about CIS Control number 10. Again, CIS Control 10 is just talking through data recovery capabilities.
And in the next video, we're going to jump in and see how that maps up to the NIST Cybersecurity Framework. And then, as I mentioned, we do have a lab coming up after that video, so be sure to download that step-by-step lab guide in the Resources section of the course.
CIS Top 20 Critical Security Controls
This course will provide students with an overview of the CIS Top 20 Critical Security Controls v7.1. Students in this course will learn each CIS control and why it is important to an organization.