Function |
Pillars |
Sub-Pillars |
Identify (RC.IP) |
RC.IP: Identify and Prioritise Resources |
RC.IP-1 |
Identify critical technical and non-technical assets | ||
RC.IP-2 |
||
Key Stakeholders and Responsibilities | ||
RC.IP-3 |
||
Prioritise Assets | ||
Control (RC.CC) |
RC.CC: Recovery Controls & Capabilities |
RC.CC-1 |
Identify Recovery Controls | ||
RC.CC-2 |
||
Identify Recovery Stakeholders | ||
RC.CC-3 |
||
Link Business Continuity and Recovery Controls | ||
RC.CC-4 |
||
Establish Recovery Capability and Gaps | ||
Map (RC.DM) |
RC.DM: Dependency Mapping |
RC.DM-1 |
Applicable regulatory, legal, environmental and operational requirements | ||
RC.DM-2 |
||
Sequence for Recovery Systems | ||
RC.DM-3 |
||
Service Interdependencies | ||
RC.DM-4 |
||
Functional and Security Dependencies | ||
Plan (RC.RP) |
RC.RP: Recovery Planning |
RC.RP-1 |
Recovery Plan | ||
RC.RP-2 |
||
Recovery Processes and Procedures | ||
RC.RP-3 |
||
Contact External Entities | ||
RC.RP-4 |
||
Recovery Communications | ||
RC.RP-5 |
||
Recovery Insight Sharing | ||
RC.RP-6 |
||
Recovery Contingency Measures | ||
RC.RP-7 |
||
Decision Making | ||
Playbook (RC.PL) |
RC.PL: Recovery Playbook |
RC.PL-1 |
Scenario-based Cyber Wargaming | ||
RC.PL-2 |
||
Potential Impact | ||
RC.PL-3 |
||
Resulting Recovery Processes | ||
RC.PL-4 |
||
Planned Response Activities | ||
RC.PL-5 |
||
Planned Recovery Activities | ||
RC.PL-6 |
||
Fix, Restore & Test | ||
RC.PL-7 |
||
Adapt | ||
Metrics (RC.RM) |
RC.RM: Recovery Metrics |
RC.RM-1 |
Recovery SLAs/OLAs | ||
RC.RM-2 |
||
Recovery KPIs | ||
RC.RM-3 |
||
Recovery Objectives | ||
RC.RM-4 |
||
Recovery Performance Indicators | ||
Test (RC.RT) |
RC.RT: Recovery Testing |
RC.RT-1 |
Stakeholder Interviews | ||
RC.RT-2 |
||
Threat Modelling | ||
RC.RT-3 |
||
Threat Intelligence | ||
RC.RT-4 |
||
Table Top eXercise | ||
RC.RT-5 |
||
Continuous Assurance Testing | ||
RC.RT-6 |
||
Red & Blue / STAR / CBEST / GBEST | ||
Improve (RC.CI) |
RC.CI: Continuous Improvements |
RC.CI-1 |
Industry Best Practices | ||
RC.CI-2 |
||
Address Recovery Gaps | ||
RC.CI-3 |
||
Improve Recovery Plan & Playbook | ||
RC.CI-4 |
||
Training & Skills Enhancement | ||
RC.CI-5 |
||
Educate & Train Staff about Recovery | ||
RC.CI-6 |
||
Recovery Call-off Contract |
© 2017 – 2020, C-MRIC.ORG, C-MRIC.COM and Cyber Recovery Operational Framework are registered trademarks of the C-MRIC organisation.